CVE-2026-44410 PUBLISHED

Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE

Assigner: zte
Reserved: 06.05.2026 Published: 26.05.2026 Updated: 26.05.2026

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 3.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	High	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	ZTE
Product	ZXUniPOS NDS-LTE
Versions	Default: unaffected Version V24.40.40 is affected Version V24.30.40CP02 is affected

Credits

Venom Nguyen finder

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343383

Problem Types

CWE-1240 Use of a cryptographic primitive with a risky implementation CWE

Impacts

CAPEC-212 Functionality Misuse