{"vulnerability": "CVE-2026-34474", "sightings": [{"uuid": "b909c653-906f-409c-b1ab-61e665045c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34474", "type": "seen", "source": "https://gist.github.com/its0din-ai/fd4f03bc16b1572f79ca6da2995c89a1", "content": "# ZTE ZXHN router vulnerabilities\nPublic disclosure date: 2026-03-27\nResearcher: Mina Nageh Salama Zekry\n\nThis advisory documents three vulnerabilities affecting multiple ZTE ZXHN router models. The following CVE IDs were assigned by the CVE Program:\n\n- CVE-2026-34472\n- CVE-2026-34473\n- CVE-2026-34474\n\n## CVE-2026-34472 \u2014 ZXHN H188A V6.0 unauthenticated credential disclosure leading to authentication bypass\n\n**Affected product:** ZTE ZXHN H188A V6.0  \n**Affected versions:** V6.0.10P2_TE, V6.0.10P3N3_TE\n\n**Summary:**  \nAn unauthenticated user can access sensitive configuration data exposed by the web wizard interface, including administrative, WLAN, and PPPoE credentials. 
The issue can lead to information disclosure and unauthorized administrative access.\n\n**Impact:**  \nInformation disclosure, authentication bypass, privilege escalation.\n\n**Observed component / endpoint:**  \n`/?_type=tedataNotLoginData&_tag=wizard_lua.lua&IF_ACTION=...`\n\n## CVE-2026-34473 \u2014 ZTE ZXHN H-series unauthenticated denial of service via oversized URL-encoded POST body\n\n**Affected products / models include:**  \nH8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, H196Q\n\n**Affected version scope:**  \nMultiple firmware versions observed across affected H-series models, including versions in use prior to 2022.\n\n**Summary:**  \nAn unauthenticated attacker can send an oversized `application/x-www-form-urlencoded` POST request to the router management interface, causing the interface to become unresponsive.\n\n**Impact:**  \nDenial of service / loss of availability of the management interface.\n\n## CVE-2026-34474 \u2014 ZXHN H298A / H108N sensitive data exposure leading to credential leakage\n\n**Affected products:**  \nZTE ZXHN H298A, ZTE ZXHN H108N\n\n**Affected versions:**  \nH298A V1.1, H108N V2.6\n\n**Summary:**  \nSensitive data is exposed through the web interface, allowing an unauthenticated user to obtain administrative credentials and WLAN-related secrets. 
The issue can enable unauthorized access and compromise of Wi-Fi credentials.\n\n**Impact:**  \nInformation disclosure, authentication bypass, privilege escalation.\n\n**Observed component / endpoint:**  \n`/getpage.lua?pid=1000&ETHCheat=1`\n\n## Timeline\n\n- 2024-05-02: Vulnerabilities reported to vendor\n- 2026-03-27: CVE IDs assigned by the CVE Program", "creation_timestamp": "2026-05-20T14:34:56.000000Z"}, {"uuid": "8f4a7d53-148a-4e38-af15-46f91306d35f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34474", "type": "seen", "source": "https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9", "content": "", "creation_timestamp": "2026-03-27T23:26:51.000000Z"}, {"uuid": "6ea65789-17aa-4e2c-ad5a-59941abe6263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34474", "type": "seen", "source": "https://t.me/GithubRedTeam/85028", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keywords found: #CVE-2026 #POC\n\n\ud83d\udce6 Project name: cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure\n\ud83d\udc64 Project author: minanagehsalalma\n\ud83d\udee0 Development language: CSS\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-20 13:20:34\n\n\ud83d\udcdd Project description:\nCVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.\n\n\ud83d\udd17 Click to open the project URL", "creation_timestamp": "2026-05-20T14:00:04.000000Z"}, {"uuid": "91713212-e438-4855-8186-f9b9cddd8d43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34474", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mmeslnxxem24", "content": "CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat", "creation_timestamp": "2026-05-21T16:09:32.873240Z"}, {"uuid": "608a7e33-ddb8-412f-a900-feaebf201712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34474", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mms7p3atnk2g", "content": "[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure\n\nPosted by m.nageh on May 25-----BEGIN SECURITY ADVISORY----- \n\nAdvisory ID: MONX-2026-003 \nCVE ID: CVE-2026-34474 \nTitle: ZTE ZXHN H298A / H108N - Unauthenticated Admin Password & \nWLAN\u2026\n#hackernews #news", "creation_timestamp": "2026-05-27T00:08:43.860270Z"}]}