CVE-2026-44409

MEDIUM 5.7

Information disclosure vulnerability in ZTE MU5250

CVSS Score

5.7

EPSS Score

0.0%

EPSS Percentile

5th

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.

CWE	CWE-200
Vendor	zte
Product	mu5250
Published	May 22, 2026
Last Updated	May 22, 2026

Stay Ahead of the Next One

Get instant alerts for zte mu5250

Be the first to know when new medium vulnerabilities affecting zte mu5250 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

ZTE / MU5250

BD_FLYMODEMMU5250V1.0.0B27

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zte.com.cn: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343342

Credits

Duc Anh Nguyen （from NTCS&TinyxLab）