CVE-2026-40003

MEDIUM 5.1

USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM

CVSS Score

5.1

EPSS Score

0.0%

EPSS Percentile

0th

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.

CWE	CWE-787
Vendor	zte
Product	zx297520v3 bootrom
Published	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for zte zx297520v3 bootrom

Be the first to know when new medium vulnerabilities affecting zte zx297520v3 bootrom are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

Affected Versions

ZTE / ZX297520V3 BootROM

7520V3 chip

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zte.com.cn: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2144487415169560645

Credits

rva3