Description
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface.
Published: 2026-05-19
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthorized access flaw within the ZTE MU5250 web interface caused by improper permission controls. An attacker who can reach the interface can alter device configuration settings, potentially affecting routing, security policies, or network availability. This flaw aligns with CWE-200 and allows the attacker to modify functional parameters without proper authentication.

Affected Systems

The affected device is the ZTE MU5250, a mobile broadband gateway. No specific firmware or software version numbers are provided in the advisory.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. While the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, the attack vector is likely remote via the exposed web UI. An attacker with network access can exploit it to change configuration, which could lead to service disruption or further compromise if additional features are misconfigured.

Generated by OpenCVE AI on May 19, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any firmware or security patch released by ZTE for the MU5250 as detailed in the official support bulletin
  • Restrict access to the web interface by limiting its exposure to trusted IP ranges or VPN tunnels
  • Use strong authentication mechanisms, such as disabling anonymous access and enforcing complex passwords or two‑factor authentication
  • If possible, disable or lock the default administrative accounts and replace them with role‑based accounts

Advisories

No advisories yet.

History

Wed, 20 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Zte; Zte mu5250
Vendors & Products | | Zte; Zte mu5250

Tue, 19 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface.
Title | | Unauthorized access vulnerability in ZTE MU5250
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}

MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-05-19T13:24:26.608Z

Reserved: 2026-05-06T08:50:27.676Z

Link: CVE-2026-44408

Vulnrichment

Updated: 2026-05-19T13:24:24.030Z

NVD

Status: Deferred

Published: 2026-05-19T09:16:20.020

Modified: 2026-05-19T14:50:07.413

Link: CVE-2026-44408

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T10:39:42Z

Weaknesses