CVE-2026-40003— USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM
Possible ATT&CK Techniques 3AI
T1136 · Create Account T1055 · Process Injection T1068 · Exploitation for Privilege EscalationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ZTE | ZX297520V3 BootROM | 7520V3 chip | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40003
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM
Source: NVD (National Vulnerability Database)
Vulnerability Description
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZTE ZX297520V3 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZTE ZX297520V3是中国中兴通讯(ZTE)公司的一款工业级4G模组。 ZTE ZX297520V3存在缓冲区错误漏洞,该漏洞源于USB下载模式缺乏目标地址验证,可能导致任意内存写入,进而覆盖堆栈、劫持执行流程、绕过安全启动签名验证机制并实现未授权代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ZTE | ZX297520V3 BootROM | 7520V3 chip | - |
II. Public POCs for CVE-2026-40003
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40003
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-40003 (1)
Same Patch Batch · ZTE · 2026-05-07 · 4 CVEs total
| CVE-2026-44406 | 5.7 MEDIUM | DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview |
| CVE-2026-40004 | 5.5 MEDIUM | openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview |
| CVE-2026-44407 | 4.7 MEDIUM | Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview |
IV. Related Vulnerabilities
Same vendor: ZTE
- CVE-2026-44410
Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE - CVE-2026-44409
Information disclosure vulnerability in ZTE MU5250 - CVE-2026-44408
Unauthorized access vulnerability in ZTE MU5250 - CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-44406
DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartvie
V. Comments for CVE-2026-40003
No comments yet