CRITICALCVE-2026-49002Published 2026-05-27Modified 2026-05-28CNA zte

CVE-2026-49002: Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

ZTE / ZXUniPOS NDS-LTE
Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

support.zte.com.cn

Metrics