9
CVEs
0
Critical
2
High
0
KEV
2
PoC
2
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
2
MEDIUM
7
LOW
0
Monthly CVE Trend
Affected Products (1)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-34473 | Remote denial-of-service in ZTE home routers (H8102E, H168N, H167A, and 15 other models) allows unauthenticated network attackers to crash the web management interface via oversized HTTP POST request with application/x-www-form-urlencoded content, requiring physical device reboot to restore service. ZTE claims devices patched since March 2021, but operator firmware timelines vary. EPSS data not available; no active exploitation confirmed (not in CISA KEV). Publicly available exploit details exist via GitHub gist. | HIGH | 7.5 | 0.0% | 58 |
PoC
No patch
|
| CVE-2026-34474 | Remote unauthenticated attackers can retrieve plaintext administrator passwords and WLAN Pre-Shared Keys from ZTE ZXHN H298A (firmware 1.1) and H108N (firmware 2.6) routers via crafted HTTP requests to the web management interface. The vulnerability enables complete network compromise through credential theft without requiring authentication. Public exploit code exists (GitHub Gist), demonstrating active researcher interest, though no CISA KEV listing indicates targeted rather than widespread exploitation. EPSS data unavailable, but the combination of network attack vector, no authentication requirement, and credential exposure presents immediate risk to affected deployments. | HIGH | 7.5 | 0.0% | 58 |
PoC
No patch
|
| CVE-2026-44408 | Improper permission control on the ZTE MU5250 web management interface allows an adjacent-network attacker with low-level credentials to modify device configuration beyond their authorized scope, resulting in high availability impact and low integrity impact. Affected firmware is confirmed as BD_FLYMODEMMU5250V1.0.0B27, self-disclosed by ZTE via their security bulletin. No public exploit code or CISA KEV listing exists at time of analysis, and exploitation is constrained to adjacent network access with some level of authenticated access per the CVSS vector. | MEDIUM | 6.3 | 0.0% | 32 |
No patch
|
| CVE-2026-44406 | DLL hijacking in ZTE Cloud PC client uSmartView allows unauthenticated local attackers to achieve arbitrary code execution and privilege escalation by planting a malicious DLL that is loaded by uSmartViewServiceAgent.exe running with SYSTEM privileges. The vulnerability requires local access but no authentication and affects multiple ZXCloud IRAI product versions. No public exploit code or active exploitation has been confirmed at this time. | MEDIUM | 5.7 | 0.0% | 29 |
No patch
|
| CVE-2026-44409 | Unauthorized information disclosure in the ZTE MU5250 5G mobile router allows an adjacent-network attacker with low-privilege access to retrieve sensitive information due to misconfigured access control mechanisms. The vulnerability carries a CVSS 3.1 base score of 5.7 (Medium) with high confidentiality impact, confirmed by ZTE through their own security bulletin. No public exploit code or CISA KEV listing has been identified at time of analysis, limiting immediate mass-exploitation risk, though the high confidentiality impact (C:H) warrants timely remediation in network-sensitive deployments. | MEDIUM | 5.7 | 0.0% | 28 |
No patch
|
| CVE-2026-40004 | ZTE Cloud PC client uSmartview contains an OpenSSL configuration file privilege escalation vulnerability (CVE-2026-40004) that allows authenticated local attackers with user-level privileges to execute arbitrary code and escalate to higher privilege levels through a malicious openssl.cnf file. This requires physical access or local system access combined with user interaction, and affects ZTE's virtualized desktop infrastructure product. The CVSS score of 5.5 reflects the physical attack vector and additional user interaction requirement, despite the severity of code execution and cross-system scope impact. | MEDIUM | 5.5 | 0.0% | 28 |
No patch
|
| CVE-2026-40001 | Local privilege escalation in ZTE PROCESS Guard Service allows authenticated local users to escalate privileges and achieve arbitrary code execution through improper access control enforcement, affecting the cloud computer client. The vulnerability requires local access and authenticated user context but operates across system boundaries, potentially compromising system integrity. No active exploitation has been confirmed at time of analysis, though the combination of privilege escalation and RCE capability makes this a moderate-priority local threat. | MEDIUM | 5.2 | 0.0% | 26 |
No patch
|
| CVE-2026-40003 | Arbitrary memory writes via USB in ZTE ZX297520V3 BootROM allow physical attackers with USB access to bypass Secure Boot signature verification and achieve unauthorized code execution by exploiting missing target address validation in USB download mode. The vulnerability requires physical device access and user interaction (device boot into download mode), resulting in a CVSS score of 5.1, but enables complete bypass of cryptographic security mechanisms and Secure Boot protections. | MEDIUM | 5.1 | 0.0% | 26 |
No patch
|
| CVE-2026-44407 | Local denial-of-service vulnerability in ZTE Cloud PC client uSmartview allows authenticated local attackers to trigger memory corruption and crash the application through a use of externally-controlled format string (CWE-134). CVSS 4.7 with local attack vector and high complexity indicates limited real-world exploitability; no public exploit identified at time of analysis. | MEDIUM | 4.7 | 0.0% | 24 |
No patch
|