Access Control Vulnerability in ZTE ICCP I-Support WebUI
CVE-2026-49002

9.1CRITICAL

Key Information:

Vendor: Zte
Status: Zxunipos Nds-lte
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-49002?

This vulnerability arises from inadequate access control measures within the ZTE ICCP I-Support WebUI, allowing unauthorized users to bypass permissions and access sensitive data, such as configuration settings. As a result, affected systems may be open to exploitation, leading to potential data leakage or unauthorized modifications. It is crucial for organizations using this product to implement appropriate security measures and monitor for suspicious access to safeguard their information.

Affected Version(s)

ZXUniPOS NDS-LTE V24.30.40CP02 and earlier versions

ZXUniPOS NDS-LTE V24.40.40 and earlier versions

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 27, 2026

Credit

Venom Nguyen

CVE-2026-49002 Data

JSON

Zte

What is CVE-2026-49002?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit