CVE-2025-26711: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in ZTE T5400
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.
AI Analysis
Technical Summary
CVE-2025-26711 is a medium-severity vulnerability identified in the ZTE T5400 product, specifically version CR_UNIAGT5400V1.0.0B02. The vulnerability arises from improper permission control in the Web module interface of the device. This flaw allows an unauthorized attacker who has network access and low privileges (PR:L) to access sensitive information without user interaction. The vulnerability is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. The CVSS v3.1 base score is 5.7, reflecting a medium severity level. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same local network or have similar access. The vulnerability does not impact integrity or availability but has a high impact on confidentiality, as sensitive data can be leaked. No known exploits are currently reported in the wild, and no patches have been published yet. Because no user interaction is required, the risk of automated or stealthy information disclosure is higher. The ZTE T5400 is a telecommunications device, likely used in network infrastructure, which makes the exposure of sensitive information potentially impactful for network security and privacy.
Potential Impact
For European organizations, especially telecommunications providers and enterprises relying on ZTE network equipment, this vulnerability poses a risk of unauthorized disclosure of sensitive information. Such information could include configuration details, credentials, or network topology data, which attackers could leverage for further attacks or espionage. The exposure could undermine confidentiality, leading to potential data breaches or facilitating lateral movement within networks. Given the medium severity and the requirement for adjacent network access with low privileges, the threat is more pronounced in environments where network segmentation is weak or where attackers can gain local network access, such as through compromised devices or insider threats. The absence of known exploits reduces immediate risk, but the lack of patches means the vulnerability remains exploitable. European telecom operators and critical infrastructure entities using ZTE T5400 devices could face increased risk of targeted reconnaissance or information leakage, potentially impacting privacy regulations compliance such as GDPR.
Mitigation Recommendations
Organizations should implement strict network segmentation to limit access to the ZTE T5400 management interfaces, ensuring that only authorized personnel and systems can reach the Web module interface. Employing strong access controls and monitoring for unusual access patterns on the device is critical. Since no patch is currently available, consider disabling or restricting the vulnerable Web module interface if operationally feasible. Use VPNs or secure management channels to access device interfaces, reducing exposure to adjacent network attackers. Regularly audit device configurations and logs for signs of unauthorized access attempts. Engage with ZTE support to obtain updates on patch availability and apply security updates promptly once released. Additionally, implement intrusion detection systems capable of identifying anomalous behavior related to device management interfaces. Finally, educate network administrators on the risks of this vulnerability and enforce strict credential management policies.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: zte
- Date Reserved: 2025-02-14T06:13:41.901Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68c930ca3d980629458048fa
Added to database: 9/16/2025, 9:41:30 AM
Last enriched: 9/16/2025, 9:41:52 AM
Last updated: 9/16/2025, 10:45:41 AM