Description
An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.
Published: 2026-05-27
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves an insecure password scheme due to improper cryptographic algorithm selection or key management, allowing hard‑coded keys or weak encryption to be exploited. This flaw can lead to unauthorized data disclosure and integrity compromise of sensitive information stored or transmitted by the device.

Affected Systems

ZTE’s ZXUniPOS NDS‑LTE product is affected. No specific version numbers were provided in the data, so all released firmware for this model should be evaluated.

Risk and Exploitability

With a CVSS score of 7, the risk is high; the EPSS score is unknown and the flaw is not listed in the CISA KEV catalog. The likely attack vector is inferred to involve local or remote exploitation of the device’s authentication mechanisms, where an attacker could use or override the weak password scheme to gain data‑access or tampering capabilities.

Generated by OpenCVE AI on May 27, 2026 at 09:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact ZTE to obtain a fix that addresses the insecure cryptographic implementation and apply the vendor’s patch as soon as it is released.
  • Until a patch is available, reconfigure the device to disable weak cryptographic operations, ensuring all password handling uses secure algorithms such as AES‑256 and eliminating any hard‑coded keys.
  • Perform a comprehensive audit of authentication, key management, and password policies on the device, enforcing strict credential complexity and regular key rotation.

Advisories

No advisories yet.

History

Wed, 27 May 2026 18:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 08:00:00 +0000

Type: Title
Values Removed: Cryptography implementation flaw vulnerability in ZTE ZXUniPOS NDS-LTE product
Values Added: Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L'}
Values Added: cvssV3_1 {'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L'}


Wed, 27 May 2026 06:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Zte; Zte zxunipos Nds-lte

Type: Vendors & Products
Values Removed: (none)
Values Added: Zte; Zte zxunipos Nds-lte

Wed, 27 May 2026 05:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.

Type: Title
Values Removed: (none)
Values Added: Cryptography implementation flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-310

Type: References
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: zte

Published:

Updated: 2026-05-27T18:01:20.640Z

Reserved: 2026-05-27T01:01:53.326Z

Link: CVE-2026-49000

Vulnrichment

Updated: 2026-05-27T18:01:17.060Z

NVD

Status: Deferred

Published: 2026-05-27T05:16:22.290

Modified: 2026-05-27T19:59:03.360

Link: CVE-2026-49000

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T09:45:30Z

Weaknesses