CVE-2026-44410
Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE
In short
A flaw in ZTE ZXUniPOS NDS-LTE allows attackers to misuse legitimate features of the application in ways not intended by designers, potentially causing harm.
Technical detail
This business logic vulnerability in ZTE ZXUniPOS NDS-LTE permits attackers to invoke legitimate application functions in abnormal sequences or with unexpected parameter combinations, deviating from design constraints. The vulnerability requires application access and allows circumvention of intended operational workflows, resulting in unauthorized application behavior.
Summary generated and translated by AI from the official description.
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Affected products
ZTE · ZXUniPOS NDS-LTEWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →