216.73.217.172

CVE-2026-40003

· Published 07/05/2026 02:16 · Modified 07/05/2026 14:56

Labels: CVE-2026-40003 2026-05-07CVE-2026-40003CWE-787[email protected]

Essential information

Published
07/05/2026 02:16
Modified
07/05/2026 14:56
Author
Creator
CVSS
5.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

CVSS metrics

Description

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zte / zte zx297520v3 cpe:2.3:a:zte:zte_zx297520v3:*:*:*:*:*:*:*:*

References