{"vulnerability": "CVE-2026-34473", "sightings": [{"uuid": "6453657d-fbeb-4e4d-a7d6-6f4bc0fd5b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9", "content": "", "creation_timestamp": "2026-03-27T23:26:51.000000Z"}, {"uuid": "e977ecbd-b117-4b9c-99a5-b8f0f956a8f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7lbrq4we2l", "content": "\ud83d\udfe0 CVE-2026-34473 - High (7.5)\n\nUnauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X,...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-34473/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-06T20:50:15.723237Z"}, {"uuid": "051fe7a1-249c-4208-b0d5-ba20feac5dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/84474", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-34473-unauthenticated-dos-zte-routers\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a minanagehsalalma\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-16 15:56:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nTechnical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-16T16:00:04.000000Z"}, {"uuid": "9310ed47-db17-4787-8d45-7ed27cde0350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "published-proof-of-concept", "source": "Telegram/M2s3PphtTCD9brru-X6QMyPesFMqQlhfbVnnLWpusEfiV5g", "content": "", "creation_timestamp": "2026-05-16T21:00:04.000000Z"}, {"uuid": "5a575df9-07d8-4fb3-b3eb-1039b266145a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mm7f3i6ryi2p", "content": "CVE-2026-34473: Pre-auth ZTE H-series router DoS via CGILua request-body parsing", "creation_timestamp": "2026-05-19T12:24:33.042244Z"}, {"uuid": "46899e3c-e2eb-46f9-b781-6c36599265fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://bsky.app/profile/bugxhunter.bsky.social/post/3mmagfitxqa2c", "content": "\ud83d\udc1b ZTE H-series Router Vulnerability CVE-2026-34473\n\n\ud83d\udcdd A ZTE H-series router DoS vulnerability, CVE-2026-34473, allows atta...\n\nhttps://www.reddit.com/r/netsec/comments/1thjmen/cve202634473_preauth_zte_hseries_router_dos_via/\n\n\ud83d\udcf0 Technical Information Security Content & Discussion\n\n#CVE #OSINT", "creation_timestamp": "2026-05-19T22:20:42.322037Z"}, {"uuid": "75f65b1a-7fba-415e-9053-d8fd38d63c83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://bsky.app/profile/bugxhunter.bsky.social/post/3mm7yymtrth2c", "content": "\ud83d\udc1b CVE-2026-34473: Unauthenticated Denial of Service in ZTE Routers\n\n\ud83d\udcdd ZTE routers with 17+ models are affected, impacting 140K+ devic...\n\nhttps://www.reddit.com/r/hacking/comments/1thj9vd/cve202634473_unauthenticated_denial_of_service_in/\n\n\ud83d\udcf0 hacking: security in practice\n\n#CVE #CyberSecurity", "creation_timestamp": "2026-05-19T18:20:51.814893Z"}, {"uuid": "e74baee0-2717-425a-971c-60fdb959b0fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://bsky.app/profile/bugxhunter.bsky.social/post/3mmbguqhphv2i", "content": "\ud83d\udc1b ZTE H-series Router Vulnerability CVE-2026-34473\n\n\ud83d\udcdd ZTE H-series routers are vulnerable to a pre-auth DoS attack vi...\n\nhttps://www.reddit.com/r/netsec/comments/1thjmen/cve202634473_preauth_zte_hseries_router_dos_via/\n\n\ud83d\udcf0 Technical Information Security Content & Discussion\n\n#CVE #DataBreach", "creation_timestamp": "2026-05-20T08:01:53.630229Z"}, {"uuid": "b2217041-6100-4a9b-818e-80b7fb6734b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://gist.github.com/its0din-ai/fd4f03bc16b1572f79ca6da2995c89a1", "content": "# ZTE ZXHN router vulnerabilities\nPublic disclosure date: 2026-03-27\nResearcher: Mina Nageh Salama Zekry\n\nThis advisory documents three vulnerabilities affecting multiple ZTE ZXHN router models. The following CVE IDs were assigned by the CVE Program:\n\n- CVE-2026-34472\n- CVE-2026-34473\n- CVE-2026-34474\n\n## CVE-2026-34472 \u2014 ZXHN H188A V6.0 unauthenticated credential disclosure leading to authentication bypass\n\n**Affected product:** ZTE ZXHN H188A V6.0  \n**Affected versions:** V6.0.10P2_TE, V6.0.10P3N3_TE\n\n**Summary:**  \nAn unauthenticated user can access sensitive configuration data exposed by the web wizard interface, including administrative, WLAN, and PPPoE credentials. The issue can lead to information disclosure and unauthorized administrative access.\n\n**Impact:**  \nInformation disclosure, authentication bypass, privilege escalation.\n\n**Observed component / endpoint:**  \n`/?_type=tedataNotLoginData&_tag=wizard_lua.lua&IF_ACTION=...`\n\n## CVE-2026-34473 \u2014 ZTE ZXHN H-series unauthenticated denial of service via oversized URL-encoded POST body\n\n**Affected products / models include:**  \nH8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, H196Q\n\n**Affected version scope:**  \nMultiple firmware versions observed across affected H-series models, including versions in use prior to 2022.\n\n**Summary:**  \nAn unauthenticated attacker can send an oversized `application/x-www-form-urlencoded` POST request to the router management interface, causing the interface to become unresponsive.\n\n**Impact:**  \nDenial of service / loss of availability of the management interface.\n\n## CVE-2026-34474 \u2014 ZXHN H298A / H108N sensitive data exposure leading to credential leakage\n\n**Affected products:**  \nZTE ZXHN H298A, ZTE ZXHN H108N\n\n**Affected versions:**  \nH298A V1.1, H108N V2.6\n\n**Summary:**  \nSensitive data is exposed through the web interface, allowing an unauthenticated user to obtain administrative credentials and WLAN-related secrets. The issue can enable unauthorized access and compromise of Wi-Fi credentials.\n\n**Impact:**  \nInformation disclosure, authentication bypass, privilege escalation.\n\n**Observed component / endpoint:**  \n`/getpage.lua?pid=1000&ETHCheat=1`\n\n## Timeline\n\n- 2024-05-02: Vulnerabilities reported to vendor\n- 2026-03-27: CVE IDs assigned by the CVE Program", "creation_timestamp": "2026-05-20T14:34:56.000000Z"}, {"uuid": "73d44735-336d-4a6e-92d4-597ed3fbe577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34473", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mms5fr5sbs2g", "content": "[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)\n\nPosted by m.nageh on May 25-----BEGIN SECURITY ADVISORY----- \n\nAdvisory ID: MONX-2026-001 \nCVE ID: CVE-2026-34473 \nTitle: Unauthenticated Denial of Service via Oversized POST Body \ni\u2026\n#hackernews #news", "creation_timestamp": "2026-05-26T23:27:43.366858Z"}]}