CVE-2025-26710

{"id": "CVE-2025-26710", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@zte.com.cn", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2025-09-16T10:15:38.330", "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1441846006241435667", "source": "psirt@zte.com.cn"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@zte.com.cn", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure."}], "lastModified": "2025-09-16T12:49:16.060", "sourceIdentifier": "psirt@zte.com.cn"}