Arbitrary Memory Write Vulnerability in ZTE ZX297520V3 BootROM
CVE-2026-40003

5.1MEDIUM

Key Information:

Vendor: Zte
Status: Zx297520v3 Bootrom
Vendor: CVE Published:; 7 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-40003?

The ZTE ZX297520V3 BootROM is susceptible to an arbitrary memory write vulnerability that can be exploited via USB. This weakness stems from the lack of proper validation for target addresses during USB download mode, allowing attackers to manipulate memory locations within the BootROM runtime. By writing data to any designated memory location, attackers can overwrite the stack, potentially hijacking execution flow and circumventing Secure Boot's signature verification. This puts the affected systems at significant risk of unauthorized code execution and further compromises system integrity.

Affected Version(s)

ZX297520V3 BootROM 7520V3 chip

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-40003
Created by rva3

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 7, 2026
👾
Exploit known to exist
May 7, 2026
Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

rva3

CVE-2026-40003 Data

JSON

Zte