Base Score

MEDIUM5.7

CVE-2025-26709

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface

VectorADJACENT_NETWORK

Published Bypsirt@zte.com.cn

Published DateAug 15, 2025, 11:15

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

5.7

Vector String

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1288700446535356789

Base Score

MEDIUM5.7

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

5.7

Vector String

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE