ZTE ZXEDM iEMS product has a password reset vulnerability

CVE	CVE-2026-40436
State	PUBLISHED
Assigner	zte
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-04-13 07:16:50 UTC
Updated	2026-04-13 15:01:43 UTC
Description	The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.

Primary CVSS: v3.1 7.1 HIGH from [email protected]

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.000390000 probability, percentile 0.115410000 (date 2026-04-15)

Problem Types: CWE‑269 Improper Privilege Management

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	7.1	HIGH	`CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H`
3.1	CNA	CVSS	7.1	HIGH	`CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H`

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Source	Vendor	Product	Version	Platforms
CNA	ZTE	ZXEDM IEMS	affected ElasticNet_UME_R32_V16.25.42.04	Not specified

Reference	Source	Link	Tags
support.zte.com.cn/zte-iccp-isupport-webui/support/bulletin/security	[email protected]	support.zte.com.cn
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: Wenwei Shi (en)

There are currently no legacy QID mappings associated with this CVE.