CVE-2025-26711
📋 TL;DR
This vulnerability allows unauthorized attackers to access sensitive information through ZTE T5400's web interface due to improper permission controls. It affects ZTE T5400 devices with vulnerable web module configurations. Attackers can exploit this without authentication to retrieve confidential data.
💻 Affected Systems
- ZTE T5400
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all sensitive information accessible through the web interface, potentially including credentials, configuration data, and system information that could enable further attacks.
Likely Case
Unauthorized access to some sensitive configuration data or system information that could be used for reconnaissance or to facilitate other attacks.
If Mitigated
Limited or no data exposure if proper network segmentation and access controls are implemented.
🎯 Exploit Status
The vulnerability allows unauthenticated access to sensitive information through web interface endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1441846006241435677
Restart Required: No
Instructions:
1. Access ZTE support portal
2. Download latest firmware/software update
3. Apply update to affected ZTE T5400 devices
4. Verify web interface functionality post-update
🔧 Temporary Workarounds
Disable Web Interface
ZTE T5400: Temporarily disable the web management interface if it is not required for operations
Device-specific CLI commands to disable web interface
Network Access Control
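All: Restrict access to the web interface using firewall rules or network segmentation
# Matching several ports in one rule needs the multiport module; replace <trusted_network_cidr> with your management network
iptables -A INPUT -p tcp -m multiport --dports 80,443 -s <trusted_network_cidr> -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP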
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ZTE T5400 devices from untrusted networks
- Deploy web application firewall (WAF) rules to block unauthorized access patterns
🔍 How to Verify
Check if Vulnerable:
Test if unauthorized access to web interface endpoints returns sensitive information without authentication
Check Version:
Check device web interface or CLI for firmware version
Verify Fix Applied:
After patching, verify that unauthorized requests to web interface endpoints no longer return sensitive information
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to web interface endpoints
- Multiple failed authentication attempts followed by successful data retrieval
Network Indicators:
- Unusual traffic patterns to web interface from unauthorized sources
- Data exfiltration from device web ports
SIEM Query:
source_ip NOT IN authorized_ips AND dest_port IN (80,443) AND dest_ip IN zte_t5400_ips AND response_size > threshold
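The SIEM query above, written out as an added Python example (not part of the original entry or any vendor tooling) that can be run over exported web or flow logs. The CSV layout, the networks, the device address and the size threshold are constructed placeholders; the field names follow the query.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values: substitute your management networks, device IPs and size baseline.
AUTHORIZED_NETS = [ip_network("192.0.2.0/28")]
ZTE_T5400_IPS = {ip_address("198.51.100.10")}
WEB_PORTS = {80, 443}
THRESHOLD_BYTES = 2048

# Constructed sample records: timestamp,source_ip,dest_ip,dest_port,response_size
SAMPLE_LOG = """\
2025-01-01T10:00:00Z,192.0.2.5,198.51.100.10,443,90210
2025-01-01T10:01:00Z,203.0.113.7,198.51.100.10,80,512
2025-01-01T10:02:00Z,203.0.113.7,198.51.100.10,80,48211
2025-01-01T10:03:00Z,203.0.113.7,198.51.100.10,22,99999
2025-01-01T10:04:00Z,203.0.113.9,198.51.100.77,443,70000
2025-01-01T10:05:00Z,not-an-ip,198.51.100.10,443,70000
2025-01-01T10:06:00Z,203.0.113.7,198.51.100.10,443,15000
"""

def find_suspicious(log_text):
    """Return (hits, skipped): rows matching the query, and unparseable rows."""
    hits, skipped = [], []
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts, src, dst, port, size = row
            src, dst = ip_address(src), ip_address(dst)
            port, size = int(port), int(size)
        except ValueError:
            skipped.append(row)  # malformed lines are reported, not silently dropped
            continue
        authorized = any(src in net for net in AUTHORIZED_NETS)
        if (not authorized and port in WEB_PORTS
                and dst in ZTE_T5400_IPS and size > THRESHOLD_BYTES):
            hits.append({"time": ts, "source_ip": str(src), "port": port, "bytes": size})
    return hits, skipped

def bytes_by_source(hits):
    """Total flagged response bytes per source, for triage ordering."""
    totals = defaultdict(int)
    for h in hits:
        totals[h["source_ip"]] += h["bytes"]
    return dict(totals)

if __name__ == "__main__":
    found, bad = find_suspicious(SAMPLE_LOG)
    print(found, bytes_by_source(found), f"skipped={len(bad)}")
```

Set the threshold from the response sizes the device's unauthenticated pages (such as the login page) normally return, so routine page loads from unlisted sources do not flood the results.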