
Description

The ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Because the USB download mode does not validate the target address, attackers can write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.

PUBLISHED | Reserved 2026-04-08 | Published 2026-05-07 | Updated 2026-05-07 | Assigner zte

MEDIUM: 5.1 (CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L)

Problem types

CWE-787 Out-of-bounds write

Product status

Default status: unaffected

7520V3 chip: affected

Credits

rva3 (finder)

References

support.zte.com.cn/...ui/bulletin/detail/2144487415169560645

cve.org (CVE-2026-40003)

nvd.nist.gov (CVE-2026-40003)
