CVE-2026-40003
CVE-2026-40003 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. It affects the ZTE ZX297520V3 BootROM, whose USB download mode does not validate the target address of a write, allowing arbitrary writes into BootROM runtime memory (see Description below). EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Decoded: physical attack vector (AV:P, the attacker needs physical USB access to the device), low attack complexity, no privileges or user interaction required, unchanged scope, and high impact on confidentiality, integrity and availability.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zx297520v3 Firmware | All versions |
Source: NVD / NIST
