Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product
Summary
| CVE | CVE-2026-49000 |
|---|---|
| State | PUBLISHED |
| Assigner | zte |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-27 05:16:22 UTC |
| Updated | 2026-05-27 19:59:03 UTC |
| Description | An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms. |
Risk And Classification
Primary CVSS: v3.1 7 HIGH from [email protected]
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Problem Types: CWE-310 | CWE-310 CWE-310 Cryptographic Issues
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L |
| 3.1 | CNA | CVSS | 7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
LowAvailability
LowCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | ZTE | ZXUniPOS NDS-LTE | affected V24.30.40CP02 and earlier versions | Not specified |
| CNA | ZTE | ZXUniPOS NDS-LTE | affected V24.40.40 and earlier versions | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394 | [email protected] | support.zte.com.cn | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Venom Nguyen (en)
There are currently no legacy QID mappings associated with this CVE.