Description
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).
Published: 2026-05-06
Score: 7.5 High
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A crafted request to the router's web interface can return the administrator password and WLAN pre‑shared key, allowing an attacker to bypass authentication and gain full control of the device and the local network. The resulting compromise threatens confidentiality, integrity, and availability of the connected systems.

Affected Systems

ZTE routers, specifically the ZXHN H298A firmware 1.1 and the H108N firmware 2.6, are affected. Firmware builds in these series may also leak partial identifiers such as serial numbers, ESSIDs, and MAC addresses.

Risk and Exploitability

Based on the description, it is inferred that the vulnerability is exploitable remotely over the router's management interface, so an attacker with network reach to the device can initiate the exploit. The CVSS score is 7.5, indicating a high risk, and the EPSS score is 1%, showing a low but nonzero probability of exploitation. The issue is not listed in the CISA KEV catalog. Because the vulnerability directly leaks privileged credentials, the risk of exploitation remains significant.

Generated by OpenCVE AI on May 30, 2026 at 14:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest version released by ZTE that patches the credential exposure bug.
  • If an update is unavailable or delayed, change the default administrative password and WLAN passphrase to strong, unique values.
  • Disable remote management or restrict web interface access to trusted internal networks only, blocking exposure to the broader internet.

Advisories

No advisories yet.

History

Sat, 30 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Credential Exposure in ZTE ZXHN Routers via Web Interface

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
References

Thu, 07 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Zte
Zte zxhn H108n
Zte zxhn H298a
Vendors & Products Zte
Zte zxhn H108n
Zte zxhn H298a

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Credential Leakage via Router Web Interface

Thu, 07 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Credential Leakage via Router Web Interface
Weaknesses CWE-200

Wed, 06 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T05:20:52.572Z

Reserved: 2026-03-27T00:00:00.000Z

Link: CVE-2026-34474

Vulnrichment

Updated: 2026-05-26T05:20:52.572Z

NVD

Status: Awaiting Analysis

Published: 2026-05-06T19:16:36.523

Modified: 2026-05-26T07:16:18.630

Link: CVE-2026-34474

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T14:45:25Z

Weaknesses