CVE-2026-49000

Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

CVSS 7 HIGHEPSS 0.1%CWE-310

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 0.1%KEV nãoPoC —Patch —

Lifecycle

27 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected products

ZTE · ZXUniPOS NDS-LTE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394