CVE-2026-40003— USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40003
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM
Source: NVD (National Vulnerability Database)
Vulnerability Description
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZTE ZX297520V3 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZTE ZX297520V3是中国中兴通讯(ZTE)公司的一款工业级4G模组。 ZTE ZX297520V3存在缓冲区错误漏洞,该漏洞源于USB下载模式缺乏目标地址验证,可能导致任意内存写入,进而覆盖堆栈、劫持执行流程、绕过安全启动签名验证机制并实现未授权代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ZTE | ZX297520V3 BootROM | 7520V3 chip | - |
II. Public POCs for CVE-2026-40003
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40003
请登录查看更多情报信息。
Same Patch Batch · ZTE · 2026-05-07 · 4 CVEs total
| CVE-2026-44406 | 5.7 MEDIUM | DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview |
| CVE-2026-40004 | 5.5 MEDIUM | openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview |
| CVE-2026-44407 | 4.7 MEDIUM | Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview |
IV. Related Vulnerabilities
Same vendor: ZTE
- CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-44406
DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartvie - CVE-2026-40004
openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud - CVE-2026-40001
Local privilege escalation vulnerability in ZTE PROCESS Guar - CVE-2026-40002
ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that
V. Comments for CVE-2026-40003
No comments yet