CVE-2026-40436

HIGH 7.1

ZTE ZXEDM iEMS product has a password reset vulnerability

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.

Vendor	zte
Product	zxedm iems
Published	Apr 13, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for zte zxedm iems

Be the first to know when new high vulnerabilities affecting zte zxedm iems are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

ZTE / ZXEDM iEMS

ElasticNet_UME_R32_V16.25.42.04

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zte.com.cn: https://support.zte.com.cn/zte-iccp-isupport-webui/support/bulletin/security?lang=en_US&t=0.7465962531829456

Credits

Wenwei Shi