CVE-2026-40003

medium

Published 2026-05-07 · Modified 2026-05-13

CVSS v3

6.8

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

6.8

Description

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.

Predictions

Exploit likelihood

67%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@zte.com.cn — https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2144487415169560645

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2144487415169560645

CWEs

CWE-787

Verify integrity in audit chain (admin only). AS-IS.