CVE-2026-40002 | THREATINT

Description

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

PUBLISHED Reserved 2026-04-08 | Published 2026-04-17 | Updated 2026-04-17 | Assigner zte

MEDIUM: 5.0CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-269: Improper Privilege Management

Product status

Default status

unaffected

GEN_NEEA_NX809J V1.0.0B14MR1 (custom)

affected

Credits

Christopher Nelson finder

References

support.zte.com.cn/...ui/bulletin/detail/8224335890517684583

cve.org (CVE-2026-40002)

nvd.nist.gov (CVE-2026-40002)

Download JSON