Impact
Sensitive data exposure allows an attacker to obtain the administrator password and WLAN pre‑shared key from certain ZTE routers. When a crafted request is sent to the web interface, the device may return the credentials, providing full control of the device and compromise of the local network. This reflects a CWE‑200 Sensitive Information Exposure and threatens the confidentiality, integrity, and availability of connected systems.
Affected Systems
ZTE routers, specifically models ZXHN H298A firmware 1.1 and H108N firmware 2.6, also disclose partial identifiers such as serial numbers, ESSIDs, and MAC addresses.
Risk and Exploitability
Based on the description, it is inferred that the attack vector is remote over the router’s management interface, requiring the attacker to craft a specific request that triggers the leak. The vulnerability can be exploited remotely over the router’s management interface, allowing an attacker with network reach to trigger the exploit. The CVSS score of 7.5 indicates a high risk, and the EPSS score of 24.7% suggests a relatively high likelihood of exploitation. The issue is not listed in the CISA KEV catalog. As the leak reveals privileged credentials, the potential for serious compromise remains significant.
OpenCVE Enrichment