Skip to main content

ZTE MU5250 CVE-2026-44409

| EUVDEUVD-2026-31408 MEDIUM
Information Exposure (CWE-200)
2026-05-22 zte GHSA-gcf2-x38g-f7w4
5.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 22, 2026 - 05:15 vuln.today

DescriptionCVE.org

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.

AnalysisAI

Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-privilege access to retrieve sensitive information due to misconfigured access control mechanisms. The vulnerability carries a CVSS 3.1 base score of 5.7 (Medium) with high confidentiality impact, confirmed by ZTE through their own security bulletin. No public exploit code or CISA KEV listing has been identified at time of analysis, limiting immediate mass-exploitation risk, though the high confidentiality impact (C:H) warrants timely remediation in network-sensitive deployments.

Technical ContextAI

The ZTE MU5250 is a 5G CPE/mobile router device, as evidenced by the firmware identifier 'BD_FLYMODEMMU5250V1.0.0B27' in EUVD data. The root cause is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating that the device's access control layer fails to enforce proper authorization checks before returning sensitive data - likely through an internal API endpoint, management interface, or diagnostic function that does not validate the privilege level or scope of the requesting principal. The CPE string (cpe:2.3:a:zte:mu5250:*:*:*:*:*:*:*:*) uses a wildcard version field, suggesting NVD has not bounded the affected version range beyond what EUVD specifies. The CVSS adjacent-network vector (AV:A) is consistent with the device being a local network appliance whose management plane is exposed only to the LAN/WLAN segment it serves.

RemediationAI

The primary remediation is to consult and apply the update referenced in ZTE's official security bulletin at https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343342. A specific patched firmware version has not been independently confirmed from the available data - administrators should verify the target firmware version directly from ZTE before upgrading. As a compensating control while awaiting patching, restrict access to the MU5250 management interface to trusted hosts only, and ensure the device is not exposed to untrusted users on the adjacent network segment. If the device is deployed in a shared network (enterprise WLAN, guest network), isolate it at Layer 2 using VLAN segmentation to limit which hosts can reach the management plane. Minimizing the privilege level of accounts that interact with the device reduces the pool of potential attackers, as PR:L indicates low-privilege credentials are sufficient for exploitation.

More in Zte

View all
CVE-2014-2321 CRITICAL POC
10.0 Mar 11

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd

CVE-2015-7251 CRITICAL POC
9.8 Dec 30

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, whic

CVE-2015-7259 HIGH POC
8.8 Aug 24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid

CVE-2015-7258 HIGH POC
8.8 Aug 24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain

CVE-2015-7248 HIGH POC
7.5 Dec 30

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password ha

CVE-2014-0329 CRITICAL POC
9.3 Feb 04

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account

CVE-2015-7250 HIGH POC
7.5 Dec 30

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE

CVE-2017-16953 HIGH POC
7.5 Dec 01

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to mo

CVE-2015-7252 MEDIUM POC
6.1 Dec 30

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_

CVE-2015-7257 HIGH POC
7.5 Aug 24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrato

CVE-2018-7364 CRITICAL POC
9.8 Dec 07

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control

CVE-2014-4018 HIGH POC
7.8 Jul 16

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which

Share

CVE-2026-44409 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy