CVE-2026-40002

MEDIUM

ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.

Title source: cna

Description

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

References (1)

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8224335890517684583

Scores

CVSS v3 5.0

EPSS 0.0001

EPSS Percentile 0.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-269

Status published

Products (1)

ZTE/Red Magic 11 Pro (NX809J) GEN_NEEA_NX809J V1.0.0B14MR1 - V1.0.0B14MR1

Published Apr 17, 2026

Tracked Since Apr 17, 2026