Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-44408

Summary
Assigner-zte
Assigner Org ID-6786b568-6808-4982-b61f-398b0d9679eb
Published At-19 May, 2026 | 07:45
Updated At-19 May, 2026 | 13:24
Rejected At-
Credits

Unauthorized access vulnerability in ZTE MU5250

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker canĀ  modify configuration through the interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zte
Assigner Org ID:6786b568-6808-4982-b61f-398b0d9679eb
Published At:19 May, 2026 | 07:45
Updated At:19 May, 2026 | 13:24
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Unauthorized access vulnerability in ZTE MU5250

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker canĀ  modify configuration through the interface.

Affected Products
Vendor
ZTE CorporationZTE
Product
MU5250
Default Status
unaffected
Versions
Affected
  • BD_FLYMODEMMU5250V1.0.0B27
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-1CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC ID: CAPEC-1
Description: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Duc Anh Nguyen from NTCS&TinyxLab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2657904255874650158
N/A
Hyperlink: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2657904255874650158
Resource: N/A
ā–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@zte.com.cn
Published At:19 May, 2026 | 09:16
Updated At:19 May, 2026 | 14:50

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker canĀ  modify configuration through the interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-200Secondarypsirt@zte.com.cn
CWE ID: CWE-200
Type: Secondary
Source: psirt@zte.com.cn
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2657904255874650158psirt@zte.com.cn
N/A
Hyperlink: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2657904255874650158
Source: psirt@zte.com.cn
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-26710
Matching Score-6
Assigner-ZTE Corporation
ShareView Details
Matching Score-6
Assigner-ZTE Corporation
CVSS Score-3.5||LOW
EPSS-0.02% / 6.05%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 09:14
Updated-16 Sep, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure.

Action-Not Available
Vendor-ZTE Corporation
Product-T5400
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-26709
Matching Score-6
Assigner-ZTE Corporation
ShareView Details
Matching Score-6
Assigner-ZTE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 10:35
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized Access Vulnerability in ZTE F50

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface

Action-Not Available
Vendor-ZTE Corporation
Product-F50
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-26711
Matching Score-6
Assigner-ZTE Corporation
ShareView Details
Matching Score-6
Assigner-ZTE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 09:35
Updated-16 Sep, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.

Action-Not Available
Vendor-ZTE Corporation
Product-T5400
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-44409
Matching Score-6
Assigner-ZTE Corporation
ShareView Details
Matching Score-6
Assigner-ZTE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 5.22%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 03:49
Updated-22 May, 2026 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure vulnerability in ZTE MU5250

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.

Action-Not Available
Vendor-ZTE Corporation
Product-MU5250
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-3422
Matching Score-6
Assigner-ZTE Corporation
ShareView Details
Matching Score-6
Assigner-ZTE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 21.55%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 19:18
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security.

Action-Not Available
Vendor-ZTE Corporation
Product-mf910smf910s_firmwareMF910S
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7360
Matching Score-6
Assigner-ZTE Corporation
ShareView Details
Matching Score-6
Assigner-ZTE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.

Action-Not Available
Vendor-ZTE Corporation
Product-zxhn_f670_firmwarezxhn_f670ZXHN F670
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found