ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that...

5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Description

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

Basic Information

ID CVE-2026-40002

Source zte

Published Apr 17, 2026 at 07:40

Affected Product

Vendor ZTE

Product Red Magic 11 Pro (NX809J)

Version GEN_NEEA_NX809J V1.0.0B14MR1

Affected Versions ZTE Red Magic 11 Pro (NX809J) GEN_NEEA_NX809J V1.0.0B14MR1

CWE Classification

CWE-269

References

support.zte.com.cn /zte-iccp-isupport-webui/bulletin/detail/8224335890517684583

{
    "lastseen": "",
    "description": "Red Magic 11 Pro (NX809J)\u00a0contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.",
    "published": "2026-04-17T07:40:58.277Z",
    "modified": "2026-04-17T07:40:58.277Z",
    "type": "cve",
    "title": "ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.",
    "source": "zte",
    "references": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8224335890517684583",
    "id": "CVE-2026-40002",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "ZTE Red Magic 11 Pro (NX809J) GEN_NEEA_NX809J V1.0.0B14MR1",
    "sourceHref": "",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Magic 11 Pro (NX809J)",
    "version": "GEN_NEEA_NX809J V1.0.0B14MR1",
    "vendor": "ZTE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations._CVE-2026-40002