CVE-2026-40004 PUBLISHED

openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

Assigner: zte
Reserved: 08.04.2026 Published: 07.05.2026 Updated: 07.05.2026

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
CVSS Score: 5.5

Attack Vector	Physical	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	ZTE
Product	ZXCLOUD iRAI
Versions	Default: unaffected Version ZXCLOUD-iRAI-ClientV7.2X is affected

Credits

Runzi Zhao, Feng Ye and Ziwei Wang finder

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3126272076755775573

Problem Types

CWE-427 Uncontrolled Search Path Element CWE

Impacts

CAPEC-38 Leveraging/Manipulating Configuration File Search Paths