{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49000", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "state": "PUBLISHED", "assignerShortName": "zte", "dateReserved": "2026-05-27T01:01:53.326Z", "datePublished": "2026-05-27T03:38:48.971Z", "dateUpdated": "2026-05-27T07:29:59.433Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2026-05-27T07:29:59.433Z"}, "title": "Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-310", "description": "CWE-310 Cryptographic Issues", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-97", "descriptions": [{"lang": "en", "value": "CAPEC-97 Cryptanalysis"}]}], "affected": [{"vendor": "ZTE", "product": "ZXUniPOS NDS-LTE", "versions": [{"status": "affected", "version": "V24.30.40CP02 and earlier versions"}, {"status": "affected", "version": "V24.40.40 and earlier versions"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.</p><p></p><p><br></p><br>"}]}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}}], "credits": [{"lang": "en", "value": "Venom Nguyen", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms."}], "id": "CVE-2026-49000", "lastModified": "2026-05-27T05:16:22.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 4.7, "source": "psirt@zte.com.cn", "type": "Secondary"}]}, "published": "2026-05-27T05:16:22.290", "references": [{"source": "psirt@zte.com.cn", "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343394"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "psirt@zte.com.cn", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.30.40CP02]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.40.40]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ZXUniPOS NDS-LTE", "source": "cna", "vendor": "ZTE"}, "product": "zxunipos_nds-lte", "vendor": "zte"}], "created": "2026-05-27T06:30:05.828015+00:00", "updated": "2026-05-27T06:30:06.104068+00:00", "vendors": ["zte", "zte$PRODUCT$zxunipos_nds-lte"]}