Skip to main content

ZTE MU5250 EUVDEUVD-2026-30851

| CVE-2026-44408 MEDIUM
Information Exposure (CWE-200)
2026-05-19 zte GHSA-cwrg-crx8-vv9w
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 19, 2026 - 09:31 vuln.today

DescriptionCVE.org

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can  modify configuration through the interface.

AnalysisAI

Improper permission control on the ZTE MU5250 web management interface allows an adjacent-network attacker with low-level credentials to modify device configuration beyond their authorized scope, resulting in high availability impact and low integrity impact. Affected firmware is confirmed as BD_FLYMODEMMU5250V1.0.0B27, self-disclosed by ZTE via their security bulletin. No public exploit code or CISA KEV listing exists at time of analysis, and exploitation is constrained to adjacent network access with some level of authenticated access per the CVSS vector.

Technical ContextAI

The ZTE MU5250 appears to be a fixed wireless or mobile broadband CPE device (likely 5G/LTE modem-router) based on ZTE's product naming convention. The vulnerability resides in its web-based management interface, which fails to enforce authorization boundaries between privilege levels - allowing a lower-privileged authenticated user to invoke configuration endpoints that should be restricted to higher-privilege roles. The assigned CWE is CWE-200 (Information Exposure), but this conflicts with the described impact of configuration modification; the root cause more accurately reflects CWE-284 (Improper Access Control) or CWE-862 (Missing Authorization). The discrepancy between the CWE assignment and the actual behavior described - unauthorized configuration changes rather than data disclosure - should be noted as a data quality issue in the NVD/EUVD records. The CPE string cpe:2.3:a:zte:mu5250:*:*:*:*:*:*:*:* covers all versions, but EUVD narrows the confirmed affected build to firmware version BD_FLYMODEMMU5250V1.0.0B27.

RemediationAI

The primary remediation action is to apply any firmware update issued by ZTE for the MU5250 that addresses this permission control flaw - consult the ZTE security bulletin at https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2657904255874650158 for the specific patched firmware version, as no explicit fix version number was provided in the available data. Until a patch is applied, restrict access to the device's web management interface by disabling remote web access if not required, and ensure the management interface is bound only to trusted network interfaces. Network-level controls such as firewall rules blocking HTTP/HTTPS access to the device's management port from untrusted adjacent segments provide a meaningful compensating control; however, these do not eliminate risk if the attacker is already on the same trusted LAN segment. Changing default credentials and minimizing the number of accounts with any level of authenticated access reduces the low-privilege attack surface. No side-effect concerns are expected from these access restrictions beyond loss of remote management convenience.

More in Zte

View all
CVE-2014-2321 CRITICAL POC
10.0 Mar 11

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd

CVE-2015-7251 CRITICAL POC
9.8 Dec 30

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, whic

CVE-2015-7259 HIGH POC
8.8 Aug 24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid

CVE-2015-7258 HIGH POC
8.8 Aug 24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain

CVE-2015-7248 HIGH POC
7.5 Dec 30

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password ha

CVE-2014-0329 CRITICAL POC
9.3 Feb 04

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account

CVE-2015-7250 HIGH POC
7.5 Dec 30

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE

CVE-2017-16953 HIGH POC
7.5 Dec 01

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to mo

CVE-2015-7252 MEDIUM POC
6.1 Dec 30

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_

CVE-2015-7257 HIGH POC
7.5 Aug 24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrato

CVE-2018-7364 CRITICAL POC
9.8 Dec 07

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control

CVE-2014-4018 HIGH POC
7.8 Jul 16

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which

Share

EUVD-2026-30851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy