CVE Catalog

CVE-2026-40002

MediumCVSS 5.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability in Red Magic 11 Pro (NX809J) allows non-privileged applications to trigger sensitive operations. The lack of validation for applications accessing the service interface enables an attacker to write files to specific partitions and set writable system properties.

Risk Assessment

The risk involves potential privilege escalation and modification of critical system areas by a malicious application, which could lead to permanent device integrity compromise.

Recommendation

It is recommended to immediately update the firmware to a patched version and restrict installation of applications from untrusted sources.

Original NVD description (English source)

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS