{"api_version":"1","generated_at":"2026-05-27T22:56:53+00:00","cve":"CVE-2026-49000","urls":{"html":"https://cve.report/CVE-2026-49000","api":"https://cve.report/api/cve/CVE-2026-49000.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-49000","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-49000"},"summary":{"title":"Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product","description":"An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.","state":"PUBLISHED","assigner":"zte","published_at":"2026-05-27 05:16:22","updated_at":"2026-05-27 19:59:03"},"problem_types":["CWE-310","CWE-310 CWE-310 Cryptographic Issues"],"metrics":[{"version":"3.1","source":"psirt@zte.com.cn","type":"Secondary","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394","name":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394","refsource":"psirt@zte.com.cn","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-49000","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-49000","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ZTE","product":"ZXUniPOS NDS-LTE","version":"affected V24.30.40CP02 and earlier versions","platforms":[]},{"source":"CNA","vendor":"ZTE","product":"ZXUniPOS NDS-LTE","version":"affected V24.40.40 and earlier versions","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Venom Nguyen","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-49000","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-27T18:01:13.138498Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-27T18:01:20.640Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"ZXUniPOS NDS-LTE","vendor":"ZTE","versions":[{"status":"affected","version":"V24.30.40CP02 and earlier versions"},{"status":"affected","version":"V24.40.40 and earlier versions"}]}],"credits":[{"lang":"en","type":"finder","value":"Venom Nguyen"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.</p><p></p><p><br></p><br>"}],"value":"An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms."}],"impacts":[{"capecId":"CAPEC-97","descriptions":[{"lang":"en","value":"CAPEC-97 Cryptanalysis"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-310","description":"CWE-310 Cryptographic Issues","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-27T07:29:59.433Z","orgId":"6786b568-6808-4982-b61f-398b0d9679eb","shortName":"zte"},"references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394"}],"source":{"discovery":"UNKNOWN"},"title":"Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"6786b568-6808-4982-b61f-398b0d9679eb","assignerShortName":"zte","cveId":"CVE-2026-49000","datePublished":"2026-05-27T03:38:48.971Z","dateReserved":"2026-05-27T01:01:53.326Z","dateUpdated":"2026-05-27T18:01:20.640Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 05:16:22","lastModifiedDate":"2026-05-27 19:59:03","problem_types":["CWE-310","CWE-310 CWE-310 Cryptographic Issues"],"metrics":{"cvssMetricV31":[{"source":"psirt@zte.com.cn","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"49000","Ordinal":"1","Title":"Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS N","CVE":"CVE-2026-49000","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"49000","Ordinal":"1","NoteData":"An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.","Type":"Description","Title":"Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS N"}]}}}