{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49000", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "state": "PUBLISHED", "assignerShortName": "zte", "dateReserved": "2026-05-27T01:01:53.326Z", "datePublished": "2026-05-27T03:38:48.971Z", "dateUpdated": "2026-05-28T03:36:43.477Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2026-05-28T03:36:43.477Z"}, "title": "Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-310", "description": "CWE-310 Cryptographic Issues", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-97", "descriptions": [{"lang": "en", "value": "CAPEC-97 Cryptanalysis"}]}], "affected": [{"vendor": "ZTE", "product": "ZXUniPOS NDS-LTE", "versions": [{"status": "affected", "version": "Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.</p><p></p><p><br></p><br>"}]}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}}], "credits": [{"lang": "en", "value": "Venom Nguyen from VNPT-NET", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-27T18:01:13.138498Z", "id": "CVE-2026-49000", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T18:01:20.640Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-49000", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-27T18:01:13.138498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T18:01:17.060Z"}}], "cna": {"title": "Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Venom Nguyen from VNPT-NET"}], "impacts": [{"capecId": "CAPEC-97", "descriptions": [{"lang": "en", "value": "CAPEC-97 Cryptanalysis"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZTE", "product": "ZXUniPOS NDS-LTE", "versions": [{"status": "affected", "version": "Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.", "supportingMedia": [{"type": "text/html", "value": "<p>An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.</p><p></p><p><br></p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-310", "description": "CWE-310 Cryptographic Issues"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2026-05-28T03:36:43.477Z"}}}, "cveMetadata": {"cveId": "CVE-2026-49000", "state": "PUBLISHED", "dateUpdated": "2026-05-28T03:36:43.477Z", "dateReserved": "2026-05-27T01:01:53.326Z", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "datePublished": "2026-05-27T03:38:48.971Z", "assignerShortName": "zte"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "ZXUniPOS NDS-LTE", "vendor": "ZTE", "versions": [{"status": "affected", "version": "Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)"}]}], "source": "psirt@zte.com.cn"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms."}], "id": "CVE-2026-49000", "lastModified": "2026-06-17T10:55:26.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "psirt@zte.com.cn", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-49000", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-27T18:01:13.138498Z", "version": "2.0.3"}}]}, "published": "2026-05-27T05:16:22.290", "references": [{"source": "psirt@zte.com.cn", "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "psirt@zte.com.cn", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.30.40CP02]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.40.40]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ZXUniPOS NDS-LTE", "source": "cna", "vendor": "ZTE"}, "product": "zxunipos_nds-lte", "vendor": "zte"}], "created": "2026-05-27T06:30:05.828015+00:00", "updated": "2026-05-27T09:45:30.666267+00:00", "vendors": ["zte", "zte$PRODUCT$zxunipos_nds-lte"]}