Description
There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.
Published: 2026-05-22
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability results from an improper configuration of the access control mechanism in ZTE MU5250, allowing attackers to retrieve sensitive data without proper authorization. This weakness is a classic information disclosure flaw (CWE-200) that permits remote viewing of system information, potentially exposing configuration details or other confidential data. The impact depends on the sensitivity of the disclosed data; it could lead to compromised privacy, operational insight, or further exploitation if exposed credentials are included.

Affected Systems

The affected product is the ZTE MU5250. No specific firmware or hardware revisions were enumerated in the CNA data, so all versions of the MU5250 are potentially vulnerable unless the vendor has issued a patch or mitigation note.

Risk and Exploitability

The CVSS score of 5.7 indicates a moderate-severity vulnerability, with a moderate impact to confidentiality. Since no EPSS score is available, the likelihood of exploitation is uncertain; the vulnerability is not referenced in the CISA KEV catalog. Based on the description, it is inferred that attackers may exploit the flaw by connecting to the device’s exposed management interfaces over the network, leveraging the missing authentication enforcement. No special prerequisites such as elevated privileges are mentioned, suggesting that remote unauthenticated access could suffice. The published CVSS vector, however, lists AV:A and PR:L, which correspond to adjacent-network access and low privileges required. Overall, the threat is credible, especially in environments where the device’s management interface is reachable from untrusted networks.

Generated by OpenCVE AI on May 22, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Reconfigure the MU5250 to require authentication on all management functions and disable any default or guest access that bypasses the access control mechanism.
  • Apply the latest firmware update provided by ZTE as soon as it becomes available; monitor the vendor’s support portal for patch releases.
  • Implement network segmentation or firewall rules to restrict access to the device’s management interfaces, ensuring only trusted administrative hosts can reach the configuration services.

Generated by OpenCVE AI on May 22, 2026 at 06:22 UTC.

Advisories

No advisories yet.

History

Fri, 22 May 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 22 May 2026 06:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Zte; Zte mu5250 |
| Vendors & Products | | Zte; Zte mu5250 |

Fri, 22 May 2026 05:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure. |
| Title | | Information disclosure vulnerability in ZTE MU5250 |
| Weaknesses | | CWE-200 |
| References | | |
| Metrics | | cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-05-22T13:47:14.731Z

Reserved: 2026-05-06T08:50:27.676Z

Link: CVE-2026-44409

Vulnrichment

Updated: 2026-05-22T13:47:10.823Z

NVD

Status: Received

Published: 2026-05-22T05:16:26.350

Modified: 2026-05-22T05:16:26.350

Link: CVE-2026-44409

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T06:30:29Z

Weaknesses