EIP-2026-118213

PRE-CVE

ZTE PC UI USB Modem Software - Local Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118213. PoCs published by R-73eN.

AI-analyzed exploit summary This Python script generates a malicious 'evil.txt' file that exploits a buffer overflow vulnerability in ZTE PC UI USB Modem Software. The exploit triggers when importing the file via the PhoneBook menu, leading to arbitrary code execution (e.g., launching calc.exe).

Description

ZTE PC UI USB Modem Software - Local Buffer Overflow

Exploits (1)

exploitdb WORKING POC

by R-73eN · pythonlocalwindows

https://www.exploit-db.com/exploits/38219

View Code ZIP pw:eip

This Python script generates a malicious 'evil.txt' file that exploits a buffer overflow vulnerability in ZTE PC UI USB Modem Software. The exploit triggers when importing the file via the PhoneBook menu, leading to arbitrary code execution (e.g., launching calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZTE PC UI USB Modem Software (Eagle Speed PCW_EAGLEALBp671A1V1.0.0B02)

No auth needed

Prerequisites: Victim must open the malicious file in the vulnerable software

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026