Description
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.
Published: 2026-04-13
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ZTE ZXEDM iEMS product allows any authenticated or unauthenticated user to obtain the full list of user accounts from the cloud EMS portal because the system does not enforce proper access controls on the user‑list endpoint. Once an attacker has the list, they can reset the passwords of those accounts, effectively taking over those user identities and gaining unauthorized control over the device. This flaw is a classic example of an authorization bypass that enables privilege escalation and arbitrary operation on the managed network device.

Affected Systems

All installations of ZTE’s ZXEDM iEMS, including the version referenced by the CPE statement (16.25.42.04), are potentially vulnerable. The advisory does not specify a narrower version bound, so operators should assume the entire product family is affected until an update is applied.

Risk and Exploitability

The CVSS base score of 7.1 signals high severity. Exploitation can be carried out remotely via the EMS web interface, requiring no special credentials beyond access to the portal. The EPSS score is below 1%, indicating a very low probability of widespread exploitation, and the vulnerability is not present in the CISA KEV catalog. Nonetheless, the potential to gain full control of the device makes it a significant risk for operators who have not yet deployed a vendor patch.

Generated by OpenCVE AI on May 7, 2026 at 00:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security patch or firmware update for ZTE ZXEDM iEMS released by ZTE support
  • Limit access to the user list and password reset API endpoints to accounts with administrative privileges only, and enforce two‑factor authentication where possible
  • If a patch is not immediately available, disable the password reset functionality or restrict it to a protected administrative portal
  • Implement intrusion detection on the EMS portal to alert on anomalous password‑reset activity
  • Configure the device according to hardening guidelines to enforce least privilege and secure authentication mechanisms

Generated by OpenCVE AI on May 7, 2026 at 00:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Zte zxesm Iems
CPEs cpe:2.3:a:zte:zxedm_iems:16.25.42.04:*:*:*:*:*:*:* cpe:2.3:a:zte:zxesm_iems:16.25.42.04:*:*:*:*:*:*:*
Vendors & Products Zte zxesm Iems

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Wed, 06 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:zte:zxedm_iems:16.25.42.04:*:*:*:*:*:*:*

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Zte
Zte zxedm Iems
Vendors & Products Zte
Zte zxedm Iems

Mon, 13 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.
Title ZTE ZXEDM iEMS product has a password reset vulnerability
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Zte Zxedm Iems Zxesm Iems
cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-04-13T13:01:38.521Z

Reserved: 2026-04-13T03:09:12.226Z

Link: CVE-2026-40436

cve-icon Vulnrichment

Updated: 2026-04-13T13:01:35.001Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T07:16:50.393

Modified: 2026-05-12T19:10:40.347

Link: CVE-2026-40436

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T00:15:05Z

Weaknesses