CVE-2026-40002
MediumCVSS 5.0Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability in Red Magic 11 Pro (NX809J) allows non-privileged applications to trigger sensitive operations. The lack of validation for applications accessing the service interface enables an attacker to write files to specific partitions and set writable system properties.
Risk Assessment
The risk involves potential privilege escalation and modification of critical system areas by a malicious application, which could lead to permanent device integrity compromise.
Recommendation
It is recommended to immediately update the firmware to a patched version and restrict installation of applications from untrusted sources.
Original NVD description (English source)
Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

