File Write Vulnerability in Red Magic 11 Pro by ZTE
CVE-2026-40002

5MEDIUM

Key Information:

Vendor: Zte
Status: Red Magic 11 Pro (nx809j)
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-40002?

The Red Magic 11 Pro (NX809J) has a security flaw that enables non-privileged applications to perform sensitive operations. This vulnerability arises from insufficient validation procedures for applications that access the service interface. An attacker could exploit this weakness to write files to designated partitions and modify system properties, potentially leading to unauthorized access and control over the device's functionality.

Affected Version(s)

Red Magic 11 Pro (NX809J) GEN_NEEA_NX809J V1.0.0B14MR1

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

Christopher Nelson

CVE-2026-40002 Data

JSON