Cryptography implementation flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

Description

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.

Basic Information

ID CVE-2026-49000

Source zte

Published May 27, 2026 at 03:38

Modified May 27, 2026 at 03:49

Affected Product

Vendor ZTE

Product ZXUniPOS NDS-LTE

Version V24.30.40CP02 and earlier versions

Affected Versions ZTE ZXUniPOS NDS-LTE V24.30.40CP02 and earlier versions
ZTE ZXUniPOS NDS-LTE V24.40.40 and earlier versions

CWE Classification

CWE-310

References

support.zte.com.cn /zte-iccp-isupport-webui/bulletin/detail/3711746568357343394

{
    "lastseen": "",
    "description": "An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.",
    "published": "2026-05-27T03:38:48.971Z",
    "modified": "2026-05-27T03:49:03.418Z",
    "type": "cve",
    "title": "Cryptography implementation flaw vulnerability in ZTE ZXUniPOS NDS-LTE product",
    "source": "zte",
    "references": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394",
    "id": "CVE-2026-49000",
    "bulletinFamily": "",
    "cwe": [
        "CWE-310"
    ],
    "cvelist": null,
    "sourceData": "ZTE ZXUniPOS NDS-LTE V24.30.40CP02 and earlier versions\nZTE ZXUniPOS NDS-LTE V24.40.40 and earlier versions",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZXUniPOS NDS-LTE",
    "version": "V24.30.40CP02 and earlier versions",
    "vendor": "ZTE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cryptography implementation flaw vulnerability in ZTE ZXUniPOS NDS-LTE product_CVE-2026-49000