CVE-2026-40004

MEDIUM

ZTE uSmartView openssl.cnf - Local Privilege Escalation

Title source: manual
STIX 2.1

Description

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 3.5%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-427
Status published
Products (2)
ZTE/ZXCLOUD iRAI ZXCLOUD-iRAI-ClientV7.2X
zte/zxcloud_irai 7.23.20 - 7.25.43
Published May 07, 2026
Tracked Since May 07, 2026