Description
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).
Published: 2026-05-06
Score: 7.5 High
EPSS: 24.7% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sensitive data exposure allows an attacker to obtain the administrator password and WLAN pre‑shared key from certain ZTE routers. When a crafted request is sent to the web interface, the device may return the credentials, providing full control of the device and compromise of the local network. This reflects a CWE‑200 Sensitive Information Exposure and threatens the confidentiality, integrity, and availability of connected systems.

Affected Systems

ZTE routers, specifically models ZXHN H298A firmware 1.1 and H108N firmware 2.6, also disclose partial identifiers such as serial numbers, ESSIDs, and MAC addresses.

Risk and Exploitability

Based on the description, it is inferred that the attack vector is remote over the router’s management interface, requiring the attacker to craft a specific request that triggers the leak. The vulnerability can be exploited remotely over the router’s management interface, allowing an attacker with network reach to trigger the exploit. The CVSS score of 7.5 indicates a high risk, and the EPSS score of 24.7% suggests a relatively high likelihood of exploitation. The issue is not listed in the CISA KEV catalog. As the leak reveals privileged credentials, the potential for serious compromise remains significant.

Generated by OpenCVE AI on June 24, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Change the default administrative password and WLAN passphrase to strong, unique values to reduce credential exposure.
  • Disable remote management or restrict the web interface to trusted internal networks only to lower the attack surface.
  • Stay informed of vendor advisories and apply any firmware update or security patch for ZTE devices when it becomes available.

Generated by OpenCVE AI on June 24, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Title ZTE Router Web Interface Exposes Administrator and WLAN Credentials

Wed, 24 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
Title Router Credential Leak via Web Interface in ZTE ZXHN H298A and H108N

Wed, 24 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Title Router Credential Leak via Web Interface in ZTE ZXHN H298A and H108N

Tue, 23 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Title Credential Exposure in ZTE ZXHN Routers via Web Interface

Sat, 30 May 2026 15:00:00 +0000

Type Values Removed Values Added
Title Credential Exposure in ZTE ZXHN Routers via Web Interface

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
References

Thu, 07 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Zte
Zte zxhn H108n
Zte zxhn H298a
Vendors & Products Zte
Zte zxhn H108n
Zte zxhn H298a

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Credential Leakage via Router Web Interface

Thu, 07 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Credential Leakage via Router Web Interface
Weaknesses CWE-200

Wed, 06 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).
References

Subscriptions

Zte Zxhn H108n Zxhn H298a
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T05:20:52.572Z

Reserved: 2026-03-27T00:00:00.000Z

Link: CVE-2026-34474

cve-icon Vulnrichment

Updated: 2026-05-26T05:20:52.572Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T19:16:36.523

Modified: 2026-06-17T10:39:06.223

Link: CVE-2026-34474

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:30:06Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor