Business Logic Flaw in ZTE ICCP iSupport WebUI
CVE-2026-44410

3.8LOW

Key Information:

Vendor: Zte
Status: Zxunipos Nds-lte
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-44410?

This vulnerability arises from a flaw in business logic, allowing attackers to misuse genuine application functions in unexpected ways. By deviating from the intended functionality, malicious actors can exploit these weaknesses to execute unauthorized actions, potentially compromising the integrity and security of the affected application.

Affected Version(s)

ZXUniPOS NDS-LTE V24.40.40

ZXUniPOS NDS-LTE V24.30.40CP02

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 6, 2026

Credit

Venom Nguyen

CVE-2026-44410 Data

JSON

Zte

What is CVE-2026-44410?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit