{"uuid": "dc004f51-4872-4801-97ed-e4429cfa9aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34472", "type": "seen", "source": "https://gist.github.com/its0din-ai/fd4f03bc16b1572f79ca6da2995c89a1", "content": "# ZTE ZXHN router vulnerabilities\nPublic disclosure date: 2026-03-27\nResearcher: Mina Nageh Salama Zekry\n\nThis advisory documents three vulnerabilities affecting multiple ZTE ZXHN router models. The following CVE IDs were assigned by the CVE Program:\n\n- CVE-2026-34472\n- CVE-2026-34473\n- CVE-2026-34474\n\n## CVE-2026-34472 \u2014 ZXHN H188A V6.0 unauthenticated credential disclosure leading to authentication bypass\n\n**Affected product:** ZTE ZXHN H188A V6.0  \n**Affected versions:** V6.0.10P2_TE, V6.0.10P3N3_TE\n\n**Summary:**  \nAn unauthenticated user can access sensitive configuration data exposed by the web wizard interface, including administrative, WLAN, and PPPoE credentials. The issue can lead to information disclosure and unauthorized administrative access.\n\n**Impact:**  \nInformation disclosure, authentication bypass, privilege escalation.\n\n**Observed component / endpoint:**  \n`/?_type=tedataNotLoginData&_tag=wizard_lua.lua&IF_ACTION=...`\n\n## CVE-2026-34473 \u2014 ZTE ZXHN H-series unauthenticated denial of service via oversized URL-encoded POST body\n\n**Affected products / models include:**  \nH8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, H196Q\n\n**Affected version scope:**  \nMultiple firmware versions observed across affected H-series models, including versions in use prior to 2022.\n\n**Summary:**  \nAn unauthenticated attacker can send an oversized `application/x-www-form-urlencoded` POST request to the router management interface, causing the interface to become unresponsive.\n\n**Impact:**  \nDenial of service / loss of availability of the management interface.\n\n## CVE-2026-34474 \u2014 ZXHN H298A / H108N sensitive data exposure leading to credential leakage\n\n**Affected products:**  \nZTE ZXHN H298A, ZTE ZXHN H108N\n\n**Affected versions:**  \nH298A V1.1, H108N V2.6\n\n**Summary:**  \nSensitive data is exposed through the web interface, allowing an unauthenticated user to obtain administrative credentials and WLAN-related secrets. The issue can enable unauthorized access and compromise of Wi-Fi credentials.\n\n**Impact:**  \nInformation disclosure, authentication bypass, privilege escalation.\n\n**Observed component / endpoint:**  \n`/getpage.lua?pid=1000&ETHCheat=1`\n\n## Timeline\n\n- 2024-05-02: Vulnerabilities reported to vendor\n- 2026-03-27: CVE IDs assigned by the CVE Program", "creation_timestamp": "2026-05-20T14:34:56.000000Z"}