CVE-2026-40003
Awaiting Analysis Awaiting Analysis - Queue

BootROM Arbitrary Memory Write via USB in ZTE ZX297520V3

Vulnerability report for CVE-2026-40003, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: ZTE Corporation

Description

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypassing the Secure Boot signature verification mechanism, and achieving unauthorized code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-07
Last Modified
2026-05-07
Generated
2026-07-06
AI Q&A
2026-05-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zte zx297520v3_bootrom *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in the ZTE ZX297520V3 BootROM and allows attackers to perform arbitrary memory writes via USB.

This happens because the USB download mode does not validate the target address, enabling attackers to write data to any location in the BootROM runtime memory.

By doing so, attackers can overwrite the stack, hijack the execution flow, bypass the Secure Boot signature verification mechanism, and execute unauthorized code.

Impact Analysis

This vulnerability can have serious impacts including unauthorized code execution on the affected device.

Attackers exploiting this flaw can hijack the device's execution flow and bypass security mechanisms like Secure Boot, potentially leading to device compromise.

Such unauthorized access could result in data manipulation, disruption of device functionality, or use of the device for malicious purposes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40003. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart