CVE-2026-40003

CVSS Score & Metrics

Base Score

5.1 / 10

Vector String

                                        CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L                                    

Vulnerability Description

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.

Vulnerability Details

Published Date

May 07, 2026

Last Modified

May 07, 2026

CWE ID

CWE-787

Source

NVD

Vendor

ZTE

Product

ZX297520V3 BootROM

External References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2144487415169560645

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment