Description
This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.
Published: 2026-05-26
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a business logic flaw that allows attackers to abuse legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations and enabling malicious attacks. No explicit details about the specific malicious outcome are provided in the advisory, so the precise impact remains unspecified beyond the potential for abuse of legitimate functions.

Affected Systems

The affected product is ZTE ZXUniPOS NDS‑LTE from ZTE. No version information is provided.

Risk and Exploitability

The CVSS score of 3.8 indicates low severity. EPSS information is unavailable, and the vulnerability is not listed in CISA KEV. The attack vector is not explicitly stated, but the description implies that the attacker must gain access to the application through legitimate functions; this may require valid credentials or network access to the POS system. The likelihood of exploitation is indeterminate due to lack of EPSS data, but the low CVSS suggests limited risk.

Generated by OpenCVE AI on May 26, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-released patch or update that addresses the business logic flaw in ZXUniPOS NDS‑LTE.
  • Restrict user permissions so that only authorized functions are accessible, limiting the ability to abuse legitimate capabilities.
  • Monitor transaction logs for abnormal or repeated requests that deviate from normal patterns and investigate suspicious activity.


Advisories

No advisories yet.

History

Tue, 26 May 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Zte; Zte zxunipos Nds-lte
Vendors & Products | - | Zte; Zte zxunipos Nds-lte

Tue, 26 May 2026 12:30:00 +0000

Type | Values Removed | Values Added
Metrics | - | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 10:15:00 +0000

Type | Values Removed | Values Added
Description | - | This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.
Title | - | Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE
Weaknesses | - | CWE-1240
References | - | -
Metrics | - | cvssV3_1: {'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-05-26T11:55:50.829Z

Reserved: 2026-05-06T08:50:27.677Z

Link: CVE-2026-44410

Vulnrichment

Updated: 2026-05-26T11:55:28.473Z

NVD

Status: Received

Published: 2026-05-26T10:16:18.550

Modified: 2026-05-26T10:16:18.550

Link: CVE-2026-44410

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T12:59:32Z

Weaknesses