CVE-2026-44410

LOW 3.8

Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE

CVSS Score

3.8

EPSS Score

0.0%

EPSS Percentile

7th

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.

CWE	CWE-1240
Vendor	zte
Product	zxunipos nds-lte
Published	May 26, 2026
Last Updated	May 28, 2026

Stay Ahead of the Next One

Get instant alerts for zte zxunipos nds-lte

Be the first to know when new low vulnerabilities affecting zte zxunipos nds-lte are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Affected Versions

ZTE / ZXUniPOS NDS-LTE

Versions < V25.30.40

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zte.com.cn: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343383

Credits

Venom Nguyen from VNPT-NET