CVE-2026-49000— Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

CVSS 7.0 · High EPSS 0.02% · P7 Updated May 28, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

Vendor	Product	Version Range	Status
ZTE	ZXUniPOS NDS-LTE	`Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

Source: NVD (National Vulnerability Database)

Vulnerability Description

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

加密问题

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ZTE	ZXUniPOS NDS-LTE	Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)	-

II. Public POCs for CVE-2026-49000

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-49000

请登录查看更多情报信息。

Vendor Pages for CVE-2026-49000 (1)

🔗 UAC

https://nvd.nist.gov/vuln/detail/CVE-2026-49000

Same Patch Batch · ZTE · 2026-05-27 · 4 CVEs total

CVE-2026-49002	9.1 CRITICAL	Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product
CVE-2026-48999	5.7 MEDIUM	Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product
CVE-2026-49001	5.3 MEDIUM	Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product

IV. Related Vulnerabilities

Same product: ZXUniPOS NDS-LTE

Same vendor: ZTE

Same weakness: CWE-310

V. Comments for CVE-2026-49000

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-49000— Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-49000

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-49000

III. Intelligence Information for CVE-2026-49000

Vendor Pages for CVE-2026-49000 (1)

Same Patch Batch · ZTE · 2026-05-27 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-49000

Leave a comment