CVE-2026-40003

Name of the Vulnerable Software and Affected Versions ZTE ZX297520V3 (affected versions not specified)

Description The BootROM contains an issue allowing arbitrary memory writes via USB. Due to a lack of target address validation in the USB download mode, it is possible to write data to any location in the BootROM runtime memory. This can lead to overwriting the stack, hijacking the execution flow, and bypassing the Secure Boot signature verification mechanism, which ultimately enables unauthorized code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.