8.8
CVE-2026-40002
- EPSS 0.12%
- Veröffentlicht 17.04.2026 07:40:58
- Zuletzt bearbeitet 08.07.2026 03:29:04
- Quelle psirt@zte.com.cn
- CVE-Watchlists
- Unerledigt
ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.
Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zte ≫ Nubia-in Nx809j Firmware Version < GEN_NEEA_NX809JV1.0.0B16MR1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| psirt@zte.com.cn | 5 | 0.8 | 3.7 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8224335890517684583