CVE-2026-49000

HIGH

Cryptography implementation flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

Title source: cna
STIX 2.1

Description

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.

Scores

CVSS v3 7.0
EPSS 0.0012
EPSS Percentile 2.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-310
Status published
Products (3)
ZTE/ZXUniPOS NDS-LTE V24.30.40CP02 and earlier versions
ZTE/ZXUniPOS NDS-LTE V24.40.40 and earlier versions
ZTE/ZXUniPOS NDS-LTE Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)
Published May 27, 2026
Tracked Since May 27, 2026