CVE 9.1 CRITICAL

Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product_CVE-2026-49002

May 27, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

AI Analysis

Broken Access Control vulnerability allowing unauthorized access to system data

Basic Information

ID CVE-2026-49002

Source zte

Published May 27, 2026 at 08:19

Affected Product

Vendor ZTE

Product ZXUniPOS NDS-LTE

Version V24.30.40CP02 and earlier versions, V24.40.40 and earlier versions

Affected Versions ZTE ZXUniPOS NDS-LTE V24.30.40CP02 and earlier versions
ZTE ZXUniPOS NDS-LTE V24.40.40 and earlier versions

CWE Classification

CWE-284

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor ZTE

Product ZXUniPOS NDS-LTE

Version V24.30.40CP02 and earlier versions, V24.40.40 and earlier versions

References

support.zte.com.cn /zte-iccp-isupport-webui/bulletin/detail/6783201397271515377

{
    "lastseen": "",
    "description": "Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.",
    "published": "2026-05-27T08:19:15.774Z",
    "modified": "2026-05-27T08:19:15.774Z",
    "type": "cve",
    "title": "Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product",
    "source": "zte",
    "references": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6783201397271515377",
    "id": "CVE-2026-49002",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "ZTE ZXUniPOS NDS-LTE V24.30.40CP02 and earlier versions\nZTE ZXUniPOS NDS-LTE V24.40.40 and earlier versions",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZXUniPOS NDS-LTE",
    "version": "V24.30.40CP02 and earlier versions, V24.40.40 and earlier versions",
    "vendor": "ZTE",
    "ai_description": "Broken Access Control vulnerability allowing unauthorized access to system data",
    "ai_severity": "Critical",
    "ai_vendor": "ZTE",
    "ai_product": "ZXUniPOS NDS-LTE",
    "ai_version": "V24.30.40CP02 and earlier versions, V24.40.40 and earlier versions",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply