7.5
CVE-2026-44409
- EPSS 0.22%
- Veröffentlicht 22.05.2026 03:49:56
- Zuletzt bearbeitet 03.06.2026 01:49:05
- Quelle psirt@zte.com.cn
- CVE-Watchlists
- Unerledigt
Information disclosure vulnerability in ZTE MU5250
There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zte ≫ Mu5250 Firmware Version1.0.0b27
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@zte.com.cn | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343342