Executive Summary

CVE-2026-34472 is a vulnerability in the ZTE ZXHN H188A router models V6.0.10P2_TE and V6.0.10P3N3_TE. It allows unauthenticated attackers on the local network to access the router's web management interface wizard without needing to log in.

Through this vulnerability, attackers can retrieve sensitive credentials such as the default administrator password, WLAN pre-shared key (PSK), and PPPoE credentials. In some cases, attackers may also perform configuration changes without authentication.

The vulnerability is exploitable via a specific web endpoint that exposes sensitive configuration data, leading to information disclosure, authentication bypass, and privilege escalation.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive router credentials, which can compromise the security of your network.

• Attackers can obtain the administrator password, allowing them full control over the router.
• Exposure of WLAN PSK can allow attackers to connect to your wireless network without permission.
• Disclosure of PPPoE credentials can lead to unauthorized use of your internet connection.
• In some cases, attackers may change router configurations without authentication, potentially disrupting network operations or further compromising security.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the ZTE ZXHN H188A router's web management interface is accessible without authentication and if sensitive credentials can be retrieved via the wizard interface.

Specifically, the vulnerability is exploitable through the endpoint `/?_type=tedataNotLoginData&_tag=wizard_lua.lua&IF_ACTION=...`. You can attempt to access this endpoint on the router's IP address to see if sensitive data is disclosed.

• Use a command like: curl http://<router-ip>/?_type=tedataNotLoginData&_tag=wizard_lua.lua&IF_ACTION= to test if the endpoint returns sensitive information without authentication.
• Scan your local network for devices running ZTE ZXHN H188A firmware versions V6.0.10P2_TE or V6.0.10P3N3_TE, as these are vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, preferably by limiting access to specific IP addresses or VLANs on the local network.

Additionally, update the router firmware to a version that patches this vulnerability if such an update is available from the vendor.

If an update is not available, consider disabling the wizard interface or web management interface temporarily to prevent unauthenticated access.

Change all default passwords and credentials to strong, unique values to reduce the impact if credentials are disclosed.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including administrator passwords and network credentials.

Such unauthorized disclosure of sensitive information can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

Therefore, this vulnerability potentially compromises compliance with these standards by exposing sensitive credentials without authentication.

Useful 0 Not Useful 0