📄 ZTE ZXHN H298A / H108N Credential Disclosure

A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...

EUVD-2026-27883

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

ZTE ZXHN H108N和ZTE ZXHN H298A 信息泄露漏洞

ZTE ZXHN H108N and ZTE ZXHN H298A are both products of China’s ZTE Corporation. ZTE ZXHN H108N is a modem. ZTE ZXHN H298A is a home gateway routing device. Both the ZTE ZXHN H298A version 1.1 and H108N version 2.6 have information leakage vulnerabilities. These vulnerabilities stem from specially...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

EUVD-2026-16452

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

PT-2026-28644

Name of the Vulnerable Software and Affected Versions TL-WR850N version 3 Description The issue allows for the storage of administrative and Wi-Fi credentials in cleartext within a region of the device’s flash memory. The serial interface remains enabled and is protected by weak authentication. A...

CLSA-2025-1761074747 kernel: Fix of 39 CVEs

nfs: fix UAF in direct writes CVE-2024-26958 - NFSD: Fix the behavior of READ near OFFSETMAX CVE-2022-48827 - thermal: core: prevent potential string overflow CVE-2023-52868 - ath5k: fix OOB in ath5keepromreadpcalinfo5111 CVE-2021-47633 - RDMA/cma: Ensure rdmaaddrcancel happens before issuing...

CVE-2023-53575 wifi: iwlwifi: mvm: fix potential array out of bounds access

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...

CVE-2025-30198 ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...

CVE-2025-55599

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter fwdswepKey...

Tenda AX1803 Security Vulnerability

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A security vulnerability exists in the Tenda AX1803 v.1.0.0.1, which stems from the presence of a buffer overflow vulnerability. An attacker can exploit the vulnerability to execute arbitrary code via the wpapskcrypto parameter of...

kernel: wifi: iwlwifi: mvm: fix potential array out of bounds access

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWLSECWEPKEYOFFSET when needed while verifying keylen size in iwlmvmseckeyadd...

CVE-2023-40039

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by observing a beacon frame...

CVE-2022-30325

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker...

Voo branded NETGEAR CG3700b Authorization Issues Vulnerability

The NETGEAR CG3700b is a cable modem and router from NETGEAR. An authorization issue vulnerability exists in the Voo branded NETGEAR CG3700b that stems from the use of the same default 8-character passphrase for the management console and WPA2 pre-shared key, which can be exploited by an attacker...

Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds. Yes, you heard that right. A team of researchers from the...

CVE-2018-8755

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device...