Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.
AnalysisAI
Business logic abuse in ZTE ZXUniPOS NDS-LTE (versions V24.40.40 and V24.30.40CP02) allows a highly privileged authenticated network attacker to manipulate legitimate application functions in ways unintended by the designer, yielding limited integrity and availability degradation. The CVSS score of 3.8 (Low) combined with an EPSS exploitation probability of 0.03% (7th percentile) and SSVC exploitation status of 'none' collectively indicate minimal immediate real-world threat. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Technical ContextAI
ZTE ZXUniPOS NDS-LTE is a telecommunications network management and provisioning platform targeting LTE network infrastructure, identified by CPE cpe:2.3:a:zte:zxunipos_nds-lte:*:*:*:*:*:*:*:*. The assigned CWE is CWE-1240 ('Use of a Risky Cryptographic Primitive'), which describes weaknesses arising from reliance on cryptographic primitives with known insecure properties. However, the CVE description characterizes this as a 'business logic flaw' - a category more typically associated with CWE-840 (Business Logic Errors) - where an attacker exploits legitimate application workflows in unintended sequences or with abnormal inputs to produce unauthorized outcomes. This CWE-to-description discrepancy should be verified with the vendor; the technical root cause may involve a flawed cryptographic control embedded within a business-logic-governed workflow, or the CWE assignment may be imprecise. The tags label this 'Information Disclosure', yet the CVSS vector shows C:N (no confidentiality impact), indicating a further inconsistency between metadata sources.
RemediationAI
Consult the ZTE security bulletin at https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343383 for vendor-issued guidance; a patched release version has not been independently confirmed from the available reference data, so administrators should contact ZTE support directly to obtain the remediated build. As a compensating control, strictly enforce the principle of least privilege to reduce the number of accounts holding the high-privilege level required to trigger this flaw - this directly negates the primary exploitation prerequisite. Additionally, enable audit logging for privileged application actions so that abnormal usage patterns deviating from expected business workflows can be detected. Network segmentation to restrict access to the NDS-LTE management interface to only authorized administrative subnets reduces the network-accessible attack surface. These controls do not eliminate the vulnerability but substantially raise the bar for exploitation while a vendor patch is applied.
More in Zxunipos Nds Lte
View allImproper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unaut
Information disclosure in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) stems from an inse
CSRF vulnerability in ZTE ZXUniPOS NDS-LTE enables an attacker to forge authenticated cross-site requests that modify sy
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31809
GHSA-rv22-cchr-w8fp