Skip to main content

ZTE uSmartview EUVD-2026-28243

| CVE-2026-40004 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2026-05-07 zte GHSA-53wr-r4p3-wrc5
Privilege Escalation RCE OpenSSL Zte
5.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Attack Vector
Physical
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 07, 2026 - 04:47 vuln.today
CVE Published
May 07, 2026 - 03:47 nvd
MEDIUM 5.5

DescriptionNVD

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.

AnalysisAI

ZTE Cloud PC client uSmartview contains an OpenSSL configuration file privilege escalation vulnerability (CVE-2026-40004) that allows authenticated local attackers with user-level privileges to execute arbitrary code and escalate to higher privilege levels through a malicious openssl.cnf file. This requires physical access or local system access combined with user interaction, and affects ZTE's virtualized desktop infrastructure product. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-44409 MEDIUM
5.7 May 22

Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-priv

Share

EUVD-2026-28243 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy