CVE-2026-40003 - Vulnerability Analysis
MediumCVSS: 5.1Last Updated: May 7, 2026
ZTE ZX297520V3 BootROM - Authentication Bypass & Remote Code Execution
Published: May 7, 2026Updated: May 7, 2026PoC Available
Overview
ZTE ZX297520V3 BootROM contains an arbitrary memory write vulnerability caused by lack of target address validation in USB download mode, letting attackers hijack execution flow and bypass Secure Boot for unauthorized code execution, exploit requires USB access.
Severity & Score
Severity: Medium
CVSS Score: 5.1
Impact
Attackers can execute unauthorized code by hijacking execution flow and bypassing Secure Boot, leading to full system compromise.
Mitigation
Update to the latest firmware version with security patches from ZTE.
Related Resources
Details
- CVE ID
- CVE-2026-40003
- Severity
- Medium
- CVSS Score
- 5.1
- Type
- undefined
- Status
- unconfirmed
CWE
- CWE-787
CVSS Metrics
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L