Description
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.
Published: 2026-04-13
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Password Reset
Action: Immediate Patch
AI Analysis

Impact

The ZTE ZXEDM iEMS product allows any user to reset passwords because the cloud EMS portal does not enforce proper access control over the user list acquisition function. An attacker who can read the user list can then reset the passwords of the returned accounts, granting the attacker unauthorized operations on the system. This flaw enables attackers to elevate privileges or take full control of managed devices without legitimate credentials.

Affected Systems

The vulnerability applies to ZTE's ZXEDM iEMS product. No specific versions are listed, so all deployed instances of this product are potentially affected until a patch is applied.

Risk and Exploitability

The CVSS base score of 7.1 indicates a high severity vulnerability. Exploitation requires access to the cloud EMS portal; the description suggests it can be performed remotely via that interface. The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog, but its high impact and lack of controls make it a significant risk for operators who have not yet applied a vendor fix.

Generated by OpenCVE AI on April 13, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact ZTE support to obtain and deploy the latest security patch or firmware update for ZXEDM iEMS
  • Restrict access to the user list and password reset endpoints to privileged administrative accounts only
  • Disable or secure the password reset feature until proper authentication controls are in place
  • Implement monitoring on the EMS portal to detect anomalous password reset activity and unauthorized changes
  • Apply secure configuration hardening guidelines for cloud-managed network devices

Generated by OpenCVE AI on April 13, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Zte
Zte zxedm Iems
Vendors & Products Zte
Zte zxedm Iems

Mon, 13 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.
Title ZTE ZXEDM iEMS product has a password reset vulnerability
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Zte Zxedm Iems
cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-04-13T13:01:38.521Z

Reserved: 2026-04-13T03:09:12.226Z

Link: CVE-2026-40436

cve-icon Vulnrichment

Updated: 2026-04-13T13:01:35.001Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-13T07:16:50.393

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-40436

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:52:40Z

Weaknesses