ZTE ZXEDM iEMS Password Reset Vulnerability Allowing Unauthorized Operations

Vulnerability

A password reset vulnerability has been identified in the ZTE ZXEDM iEMS product, affecting all users. The cloud EMS portal management does not properly restrict access to the user list acquisition function, so an attacker can retrieve information about all users through the user list interface. With that information, the attacker can reset those users' passwords, potentially leading to unauthorized operations.

Impact

Exploitation of this vulnerability could result in unauthorized password resets, allowing attackers to perform unauthorized actions on behalf of the affected users.

Added: Apr 13, 2026, 7:59 AM
Updated: Apr 13, 2026, 7:59 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 6.4
remediation: 0.0
relevance: 5.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.