Lucene search
K

233 matches found

Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.95 views

ZTE ZXHN H188A V6 - Authentication Bypass

Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/05/26 8:12 a.m.18 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

7.5CVSS5.8AI score0.24681EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.78 views

📄 ZTE ZXHN H168N 3.5 Credential Disclosure

The ZTE ZXHN H168N V3.5 firmware exposes quick-setup wizard endpoints that return PPPoE credentials ADUsername, VDUsername and the WLAN KeyPassphrase via the GetPassword action without requiring authentication. The firmware routing allowlists these endpoints through a QuickSetupEnable branch. In...

6.5CVSS6.6AI score0.00921EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.63 views

📄 ZTE ZXHN H188A V6 Authentication Bypass

Unauthenticated requests to the root path of ZTE ZXHN H188A V6 firmware can reach pre-login wizard handlers and disclose WLAN PSKs, SSIDs, and PPPoE usernames. The leaked Wi-Fi password is also the default administrator password after uppercasing, resulting in full authentication bypass. -----BEG...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.99 views

📄 ZTE ZXHN Router Denial of Service

The CGILua post.lua parser used in ZTE ZXHN routers does not enforce an upper bound on the body size of application/x-www-form-urlencoded POST requests. An unauthenticated attacker can crash or freeze the router's web management service by sending a single HTTP POST request with an oversized body...

7.5CVSS5.9AI score0.02376EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.81 views

📄 ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise

ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...

6.5CVSS6.6AI score0.00921EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.102 views

📄 ZTE ZXHN H188A 6 Authentication Bypass / Credential Disclosure

ZTE ZXHN H188A version 6 suffers from an authentication bypass vulnerability via a pre-login wizard credential leak. Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login Wizard Credential Leak Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34472 Vendor: ZTE...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
NVD
NVD
added 2026/05/06 7:16 p.m.9 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

7.5CVSS0.24681EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/05/06 12:0 a.m.9 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8AI score0.24681EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 12:0 a.m.7 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8AI score0.24681EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/05/06 12:0 a.m.33 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

0.24681EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38218

Name of the Vulnerable Software and Affected Versions ZTE ZXHN H298A version 1.1 ZTE H108N version 2.6 Description A crafted request to the router web interface can cause sensitive data exposure. This issue may leak device and account information, including the administrator password and WLAN...

7.5CVSS5.8AI score0.24681EPSS
Exploits3References8
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

ZTE ZXHN H108N和ZTE ZXHN H298A 信息泄露漏洞

ZTE ZXHN H108N and ZTE ZXHN H298A are both products of China’s ZTE Corporation. ZTE ZXHN H108N is a modem. ZTE ZXHN H298A is a home gateway routing device. Both the ZTE ZXHN H298A version 1.1 and H108N version 2.6 have information leakage vulnerabilities. These vulnerabilities stem from specially...

7.5CVSS5.8AI score0.24681EPSS
Exploits3References2
CVE
CVE
added 2026/05/06 12:0 a.m.25 views

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

7.5CVSS5.8AI score0.24681EPSS
Exploits3References3
VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-53558

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices...

8.8CVSS8AI score0.0135EPSS
In wildExploits0References2
EUVD
EUVD
added 2026/03/30 6:31 p.m.6 views

EUVD-2026-17107

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

7.1CVSS5.9AI score0.08943EPSS
Exploits3References3
CVE
CVE
added 2026/03/30 12:0 a.m.66 views

CVE-2026-34472

CVE-2026-34472 affects ZTE ZXHN H188A routers with firmware versions V6.0.10P2_TE and V6.0.10P3N3_TE. An unauthenticated attacker on the local network can access the router’s web management wizard interface to disclose sensitive credentials (default administrator password, WLAN PSK, PPPoE credent...

7.1CVSS5.9AI score0.08943EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.23 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

0.08943EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.2 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

7.1CVSS5.9AI score0.08943EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29045

Name of the Vulnerable Software and Affected Versions ZTE ZXHN H188A versions V6.0.10P2 TE through V6.0.10P3N3 TE Description An issue exists that allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface. These credentials...

7.1CVSS5.8AI score0.08943EPSS
Exploits3References8
Rows per page
Query Builder