CVE-2026-49002— Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZTE | ZXUniPOS NDS-LTE | V24.30.40CP02 and earlier versions | affected |
V24.40.40 and earlier versions | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49002
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product
Source: NVD (National Vulnerability Database)
Vulnerability Description
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ZTE | ZXUniPOS NDS-LTE | Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01) | - |
II. Public POCs for CVE-2026-49002
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-49002
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-49002 (1)
Same Patch Batch · ZTE · 2026-05-27 · 4 CVEs total
| CVE-2026-49000 | 7.0 HIGH | Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product |
| CVE-2026-48999 | 5.7 MEDIUM | Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product |
| CVE-2026-49001 | 5.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product |
IV. Related Vulnerabilities
Same product: ZXUniPOS NDS-LTE
Same vendor: ZTE
- CVE-2026-49001
Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUni - CVE-2026-49000
Cryptography Implementation Flaw vulnerability in ZTE ZXUniP - CVE-2026-48999
Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUni - CVE-2026-44410
Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE - CVE-2026-44409
Information disclosure vulnerability in ZTE MU5250
Same weakness: CWE-284
- CVE-2026-32995
Rocket.Chat未授权访问漏洞 - CVE-2026-46416
Microsoft UFO shared WebSocket handler state causes cross-cl - CVE-2026-47269
pam_usb: deny_remote feature incorrectly classifies IPv4-map - CVE-2026-1933
Samba: missing access check on reparse point operations - CVE-2026-48906
Extension - tassos.gr - Arbitrary File Deletion in Novarain/
V. Comments for CVE-2026-49002
No comments yet