Description
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
Published: 2026-05-07
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ZTE Cloud PC client uSmartview contains a vulnerability identified as CWE‑134, which typically represents a format‑string issue, though the description only notes memory corruption. This flaw can be exploited remotely, leading to a crash of the client process and denial of service.

Affected Systems

Affected systems include ZTE’s Cloud PC Client, known as uSmartview, that runs on the ZTE:ZXCLOUD iRAI platform. No specific product versions are listed as vulnerable, implying that all releases of the client before the vendor fix are potentially affected.

Risk and Exploitability

The CVSS score of 4.7 denotes a moderate severity. Because the flaw can be triggered remotely, the expected attack vector is network‑based. The EPSS score of 0.00043 (below 1%) indicates a very low probability of active exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog, further suggesting limited public use. Nonetheless, an attacker that can send specially crafted data to the client could cause memory corruption that crashes the process and denies service to legitimate users. The associated CWE‑134 indicates a format‑string weakness; while the description does not explicitly confirm the exact flaw type, the reported memory corruption is consistent with such an issue.

Generated by OpenCVE AI on May 11, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ZTE Cloud PC Client uSmartview to the latest vendor‑provided version that contains the security fix.
  • Restrict or block network traffic to the client from untrusted networks, disabling the ports that expose the vulnerable functionality.
  • Monitor system logs and process stability for anomalous crashes that may indicate attempted exploitation.

Generated by OpenCVE AI on May 11, 2026 at 18:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:*

Thu, 07 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 07 May 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Zte
Zte zxcloud Irai
Vendors & Products Zte
Zte zxcloud Irai

Thu, 07 May 2026 08:30:00 +0000

Type Values Removed Values Added
Description A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
Title Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview
Weaknesses CWE-134
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Zte Zxcloud Irai
cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-05-07T13:40:51.376Z

Reserved: 2026-05-06T08:50:27.676Z

Link: CVE-2026-44407

cve-icon Vulnrichment

Updated: 2026-05-07T13:40:47.802Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-07T09:16:27.617

Modified: 2026-05-11T16:41:40.233

Link: CVE-2026-44407

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T18:30:05Z

Weaknesses