EUVD-2026-32152
GHSA-54c6-h824-3w6w
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.
AnalysisAI
Improper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unauthenticated attackers reach functionality that should be permission-gated, allowing them to read and modify system configuration data beyond their authorization. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N) with high confidentiality and integrity impact but no availability impact, and the issue is tagged as an authentication bypass. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all affected systems running ZTE ZXUniPOS NDS-LTE V24.40.40 and earlier or V24.30.40CP02 and earlier; assess their network exposure and immediately restrict access from untrusted networks. Within 7 days: Deploy network segmentation and firewall rules limiting administrative access; implement configuration change monitoring and alerting on affected systems; contact ZTE for patch availability timeline. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today