CVE-2026-44410

LOW

Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE

Title source: cna
STIX 2.1

Description

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.

Scores

CVSS v3 3.8
EPSS 0.0013
EPSS Percentile 3.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1240
Status published
Products (3)
ZTE/ZXUniPOS NDS-LTE V24.30.40CP02
ZTE/ZXUniPOS NDS-LTE V24.40.40
ZTE/ZXUniPOS NDS-LTE Versions < V25.30.40
Published May 26, 2026
Tracked Since May 26, 2026