CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

CVE-2026-36539

The affected product is Netis AC1200 Router NC21 (firmware version referenced: V4.0.1.4296). The issue is an unauthenticated CGI endpoint at /cgi-bin/skk_get.cgi that returns the entire router configuration as JSON, exposing administrator credentials, Wi‑Fi and PPPoE credentials, DDNS credentials...

📄 ZTE ZXHN H168N 3.5 Credential Disclosure

The ZTE ZXHN H168N V3.5 firmware exposes quick-setup wizard endpoints that return PPPoE credentials ADUsername, VDUsername and the WLAN KeyPassphrase via the GetPassword action without requiring authentication. The firmware routing allowlists these endpoints through a QuickSetupEnable branch. In...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

EUVD-2026-17107

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

PT-2026-29045

Name of the Vulnerable Software and Affected Versions ZTE ZXHN H188A versions V6.0.10P2 TE through V6.0.10P3N3 TE Description An issue exists that allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface. These credentials...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVE-2026-34472

CVE-2026-34472 affects ZTE ZXHN H188A routers with firmware versions V6.0.10P2_TE and V6.0.10P3N3_TE. An unauthenticated attacker on the local network can access the router’s web management wizard interface to disclose sensitive credentials (default administrator password, WLAN PSK, PPPoE credent...

Multiple DVR Manufacturers Configuration Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multiple DVR Manufacturers Configuration Disclosure', 'Description' = %q This module takes advantage of an authentication bypass vulnerability at...

CVE-2022-26996

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoeusername, pppoepasswd, and pppoeservicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure

source: https://www.securityfocus.com/bid/48908/info Sagem F@st 3304 router is prone to a remote information-disclosure vulnerability because it fails to restrict access to sensitive information. A remote attacker exploit this issue to obtain sensitive information, possibly aiding in further...

Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure

Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure source: https://www.securityfocus.com/bid/48908/info Sagem F@st 3304 router is prone to a remote information-disclosure vulnerability because it fails to restrict access to sensitive information. A remote attacker exploit this iss...

Huawei EchoLife HG520 - Remote Information Disclosure

Huawei EchoLife HG520 - Remote Information Disclosure Exploit Title: Huawei EchoLife HG520 Remote Information Disclosure Date: 2010-04-19 Author: hkm Product Link: http://www.huawei.com/mobileweb/en/products/view.do?id=660 Firmware Versions: 3.10.18.7-1.0.7.0 3.10.18.5-1.0.7.0 3.10.18.4 Software...

Huawei EchoLife HG520 Remote Information Disclosure

Exploit for hardware platform in category remote exploits =================================================== Huawei EchoLife HG520 Remote Information Disclosure =================================================== Exploit Title: Huawei EchoLife HG520 Remote Information Disclosure Date: 2010-04-19...

Huawei EchoLife HG520 - Remote Information Disclosure

Exploit Title: Huawei EchoLife HG520 Remote Information Disclosure Date: 2010-04-19 Author: hkm Product Link: http://www.huawei.com/mobileweb/en/products/view.do?id=660 Firmware Versions: 3.10.18.7-1.0.7.0 3.10.18.5-1.0.7.0 3.10.18.4 Software Versions: V100R001B120Telmex V100R001B121Telmex Exploi...