What is the CVSS score of CVE-2026-49002?

CVE-2026-49002 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of ZXUniPOS NDS-LTE are affected by CVE-2026-49002?

ZTE ZXUniPOS NDS-LTE installations are exposed to unauthorized remote configuration modification through an authentication bypass, creating immediate risk to network service continuity and data…

ZXUniPOS NDS-LTE CVE-2026-49002

EUVD-2026-32152 CRITICAL

Improper Access Control (CWE-284)

2026-05-27 zte

GHSA-54c6-h824-3w6w

Authentication Bypass Zxunipos Nds Lte

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:19 vuln.today

DescriptionNVD

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

AnalysisAI

Improper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unauthenticated attackers reach functionality that should be permission-gated, allowing them to read and modify system configuration data beyond their authorization. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N) with high confidentiality and integrity impact but no availability impact, and the issue is tagged as an authentication bypass. …

RemediationAI

Within 24 hours: Identify all affected systems running ZTE ZXUniPOS NDS-LTE V24.40.40 and earlier or V24.30.40CP02 and earlier; assess their network exposure and immediately restrict access from untrusted networks. Within 7 days: Deploy network segmentation and firewall rules limiting administrative access; implement configuration change monitoring and alerting on affected systems; contact ZTE for patch availability timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-49002 vulnerability details – vuln.today

Back

ZXUniPOS NDS-LTE CVE-2026-49002

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code