Description
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
Published: 2026-05-07
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ZTE Cloud PC client uSmartview contains a format‑string vulnerability (CWE‑134) that can be exploited remotely. The flaw may cause memory corruption which in turn triggers a crash of the client process. An attacker that can send a specially crafted input to the client would be able to deny service to legitimate users.

Affected Systems

Affected systems include ZTE’s Cloud PC Client, known as uSmartview, that runs on the ZTE:ZXCLOUD iRAI platform. No specific product versions are listed as vulnerable, implying that all releases of the client before the vendor fix are potentially affected.

Risk and Exploitability

The CVSS score of 4.7 indicates a moderate impact. Because the exploit requires remote interaction with the client, the attack vector is likely remote over the network. No EPSS information is available and the issue is not listed in the CISA KEV catalog, which suggests limited public exploitation. Nonetheless, attackers could still use the flaw to disrupt service in environments that rely heavily on uninterrupted access to the Cloud PC client.

Generated by OpenCVE AI on May 7, 2026 at 09:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ZTE Cloud PC Client uSmartview to the latest vendor‑provided version that contains the security fix.
  • Restrict or block network traffic to the client from untrusted networks, disabling the ports that expose the vulnerable functionality.
  • Monitor system logs and process stability for anomalous crashes that may indicate attempted exploitation.

Generated by OpenCVE AI on May 7, 2026 at 09:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Zte
Zte zxcloud Irai
Vendors & Products Zte
Zte zxcloud Irai

Thu, 07 May 2026 08:30:00 +0000

Type Values Removed Values Added
Description A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
Title Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview
Weaknesses CWE-134
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Zte Zxcloud Irai
cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-05-07T13:40:51.376Z

Reserved: 2026-05-06T08:50:27.676Z

Link: CVE-2026-44407

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-07T09:16:27.617

Modified: 2026-05-07T09:16:27.617

Link: CVE-2026-44407

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T09:45:16Z

Weaknesses