Aggregates CVE and security vulnerability intelligence across all ZTE-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk input validation, vendor risk sql injection, and vendor risk csrf and related problems; some flaws may lead to vendor impact unexpected behavior and vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-44409 | There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure. | [email protected] | 5.7 | 0.02% | 2026-05-22 | 2026-06-03 |
| CVE-2026-44407 | A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service. | [email protected] | 4.7 | 0.03% | 2026-05-07 | 2026-05-11 |
| CVE-2026-44406 | ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption. | [email protected] | 5.7 | 0.01% | 2026-05-07 | 2026-05-08 |
| CVE-2026-40004 | There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges. | [email protected] | 5.5 | 0.01% | 2026-05-07 | 2026-05-13 |
| CVE-2026-40003 | ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution. | [email protected] | 5.1 | 0.02% | 2026-05-07 | 2026-05-13 |
| CVE-2026-40436 | The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations. | [email protected] | 7.1 | 0.04% | 2026-04-13 | 2026-05-12 |
| CVE-2026-34472 | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication. | [email protected] | 7.1 | 0.83% | 2026-03-30 | 2026-05-26 |
| CVE-2025-66315 | There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory. | [email protected] | 4.3 | 0.05% | 2026-01-09 | 2026-03-12 |
| CVE-2025-46580 | There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL. | [email protected] | 7.7 | 0.31% | 2025-04-27 | 2025-05-12 |
| CVE-2025-46579 | There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed. | [email protected] | 8.4 | 0.17% | 2025-04-27 | 2025-05-12 |
| CVE-2025-46578 | There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. | [email protected] | 6.5 | 0.16% | 2025-04-27 | 2025-05-12 |
| CVE-2025-46577 | There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information. | [email protected] | 6.5 | 0.16% | 2025-04-27 | 2025-05-12 |
| CVE-2025-46576 | There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. | [email protected] | 5.4 | 0.24% | 2025-04-27 | 2025-05-12 |
| CVE-2025-46575 | There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | [email protected] | 4.9 | 0.31% | 2025-04-27 | 2025-05-12 |
| CVE-2025-46574 | There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | [email protected] | 4.1 | 0.20% | 2025-04-27 | 2025-05-12 |
| CVE-2025-26706 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. | [email protected] | 5.4 | 0.15% | 2025-03-11 | 2025-03-19 |
| CVE-2025-26705 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | [email protected] | 5.3 | 0.33% | 2025-03-11 | 2025-03-19 |
| CVE-2025-26704 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | [email protected] | 6.4 | 0.05% | 2025-03-11 | 2025-03-19 |
| CVE-2025-26703 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | [email protected] | 4.3 | 0.26% | 2025-03-11 | 2025-03-19 |
| CVE-2025-26702 | Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | [email protected] | 4.9 | 0.15% | 2025-03-11 | 2025-03-19 |