Skip to main content

Zxunipos Nds Lte

4 CVEs product

Monthly

CVE-2026-49002 CRITICAL Act Now

Improper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unauthenticated attackers reach functionality that should be permission-gated, allowing them to read and modify system configuration data beyond their authorization. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N) with high confidentiality and integrity impact but no availability impact, and the issue is tagged as an authentication bypass. EPSS is very low at 0.03% (9th percentile) and there is no public exploit identified at time of analysis.

Authentication Bypass Zxunipos Nds Lte
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-49001 MEDIUM This Month

CSRF vulnerability in ZTE ZXUniPOS NDS-LTE enables an attacker to forge authenticated cross-site requests that modify system configuration data on behalf of a high-privilege user. The CVSS vector (PR:H/UI:R/AC:H) tightly constrains exploitation: a high-privilege administrator must be actively tricked into visiting attacker-controlled content while an authenticated session is live. No public exploit code exists and no KEV listing is present; EPSS at 0.02% (4th percentile) and SSVC Exploitation=none collectively signal negligible observed real-world exploitation activity.

CSRF Zxunipos Nds Lte
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-49000 HIGH This Week

Information disclosure in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) stems from an insecure cryptographic password scheme - such as hard-coded keys, weak encryption algorithms, or poor key management - that lets remote, unauthenticated attackers recover or tamper with protected data. The CVSS vector (AV:N/AC:H/PR:N) indicates network reachability without credentials but with high attack complexity, and the primary impact is confidentiality loss (C:H) with minor integrity and availability effects. There is no public exploit identified at time of analysis, and EPSS is very low (0.02%, 7th percentile).

Information Disclosure Zxunipos Nds Lte
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44410 LOW Monitor

Business logic abuse in ZTE ZXUniPOS NDS-LTE (versions V24.40.40 and V24.30.40CP02) allows a highly privileged authenticated network attacker to manipulate legitimate application functions in ways unintended by the designer, yielding limited integrity and availability degradation. The CVSS score of 3.8 (Low) combined with an EPSS exploitation probability of 0.03% (7th percentile) and SSVC exploitation status of 'none' collectively indicate minimal immediate real-world threat. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Information Disclosure Zxunipos Nds Lte
NVD VulDB
CVSS 3.1
3.8
EPSS
0.0%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unauthenticated attackers reach functionality that should be permission-gated, allowing them to read and modify system configuration data beyond their authorization. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N) with high confidentiality and integrity impact but no availability impact, and the issue is tagged as an authentication bypass. EPSS is very low at 0.03% (9th percentile) and there is no public exploit identified at time of analysis.

Authentication Bypass Zxunipos Nds Lte
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CSRF vulnerability in ZTE ZXUniPOS NDS-LTE enables an attacker to forge authenticated cross-site requests that modify system configuration data on behalf of a high-privilege user. The CVSS vector (PR:H/UI:R/AC:H) tightly constrains exploitation: a high-privilege administrator must be actively tricked into visiting attacker-controlled content while an authenticated session is live. No public exploit code exists and no KEV listing is present; EPSS at 0.02% (4th percentile) and SSVC Exploitation=none collectively signal negligible observed real-world exploitation activity.

CSRF Zxunipos Nds Lte
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Information disclosure in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) stems from an insecure cryptographic password scheme - such as hard-coded keys, weak encryption algorithms, or poor key management - that lets remote, unauthenticated attackers recover or tamper with protected data. The CVSS vector (AV:N/AC:H/PR:N) indicates network reachability without credentials but with high attack complexity, and the primary impact is confidentiality loss (C:H) with minor integrity and availability effects. There is no public exploit identified at time of analysis, and EPSS is very low (0.02%, 7th percentile).

Information Disclosure Zxunipos Nds Lte
NVD
EPSS 0% CVSS 3.8
LOW Monitor

Business logic abuse in ZTE ZXUniPOS NDS-LTE (versions V24.40.40 and V24.30.40CP02) allows a highly privileged authenticated network attacker to manipulate legitimate application functions in ways unintended by the designer, yielding limited integrity and availability degradation. The CVSS score of 3.8 (Low) combined with an EPSS exploitation probability of 0.03% (7th percentile) and SSVC exploitation status of 'none' collectively indicate minimal immediate real-world threat. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Information Disclosure Zxunipos Nds Lte
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy