Severity by source
AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L
Lifecycle Timeline
1DescriptionCVE.org
Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data.
AnalysisAI
CSRF vulnerability in ZTE ZXUniPOS NDS-LTE enables an attacker to forge authenticated cross-site requests that modify system configuration data on behalf of a high-privilege user. The CVSS vector (PR:H/UI:R/AC:H) tightly constrains exploitation: a high-privilege administrator must be actively tricked into visiting attacker-controlled content while an authenticated session is live. No public exploit code exists and no KEV listing is present; EPSS at 0.02% (4th percentile) and SSVC Exploitation=none collectively signal negligible observed real-world exploitation activity.
Technical ContextAI
ZXUniPOS NDS-LTE is a ZTE network management application for LTE network domain solutions (CPE: cpe:2.3:a:zte:zxunipos_nds-lte:*:*:*:*:*:*:*:*). CWE-352 (Cross-Site Request Forgery) arises when a web application performs state-changing operations without verifying that the originating request came from the legitimate authenticated session rather than a forged cross-origin request. The root cause class indicates the application either lacks anti-CSRF tokens, does not validate the Origin/Referer header, or has a bypassable implementation of such controls. The AC:H component of the CVSS vector implies partial protections exist but are circumventable under specific conditions, consistent with CSRF defenses that are inconsistently applied across all configuration endpoints.
RemediationAI
Consult the ZTE security bulletin at https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343400 for the official patched release. An exact fixed version number is not confirmed in the available input data - the vendor advisory must be consulted directly to determine the target upgrade version for each affected branch (V24.30.40CP02 branch and V24.40.40 branch). As a compensating control pending patch application, restrict access to the ZXUniPOS NDS-LTE administrative web interface to trusted internal networks or VPN-only segments, which eliminates the browser-reachability condition required for CSRF. Enforcing SameSite=Strict or SameSite=Lax cookie attributes at the application or reverse proxy layer will directly mitigate CSRF exploitation paths, though this may affect cross-origin integrations. High-privilege administrator accounts should be educated on phishing and social engineering risks, given that UI:R is a hard prerequisite for exploitation.
More in Zxunipos Nds Lte
View allImproper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unaut
Information disclosure in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) stems from an inse
Business logic abuse in ZTE ZXUniPOS NDS-LTE (versions V24.40.40 and V24.30.40CP02) allows a highly privileged authentic
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32109
GHSA-wggp-h5mg-v3hg