The vulnerability results from an improper configuration of the access control mechanism in ZTE MU5250, allowing attackers to retrieve sensitive data without proper authorization. This weakness is an information disclosure flaw (CWE-200) and an access control failure (CWE-862) that permits remote viewing of system information, potentially exposing configuration details or other confidential data. The impact depends on the sensitivity of the disclosed data; it could lead to compromised privacy, operational insight, or further exploitation if exposed credentials are included.

The affected product is the ZTE MU5250. Firmware version 1.0.0b27 is specifically affected and earlier firmware releases are presumed vulnerable unless a vendor patch is applied.

The CVSS score of 5.7 indicates a moderate severity vulnerability, with a moderate impact to confidentiality. The EPSS score of 0.00022, reflecting a probability below 1%, indicates a very low but nonzero likelihood of exploitation; the vulnerability is not referenced in the CISA KEV catalog. Based on the description, it is inferred that attackers may exploit the flaw by connecting to the device’s exposed management interfaces over the network, leveraging the missing authentication enforcement. No special prerequisites such as elevated privileges are mentioned, suggesting that remote unauthenticated access could suffice. Overall, the threat is credible, especially in environments where the device’s management interface is reachable from untrusted networks.