CVE-2026-34473
Awaiting Analysis Awaiting Analysis - Queue
Unauthenticated DoS in ZTE Router Firmware

Publication date: 2026-05-06

Last updated on: 2026-05-26

Assigner: MITRE

Description
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-34473
EUVD
EUVD-2026-27881
Affected Vendors & Products
Showing 17 associated CPEs
Vendor Product Version / Range
zte h8102e *
zte h168n *
zte h167a *
zte h199a *
zte h288a *
zte h198a *
zte h267a *
zte h267n *
zte h268a *
zte h388x *
zte h196a *
zte h369a *
zte h268n *
zte h208n *
zte h367n *
zte h181a *
zte h196q to 2022 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated denial-of-service (DoS) issue affecting multiple ZTE router models. It occurs when an attacker sends an oversized application/x-www-form-urlencoded POST request to the router's web management interface. This causes the interface to become unresponsive until the device is rebooted.

Impact Analysis

The impact of this vulnerability is that an attacker can cause the router's management interface to become unresponsive without needing to authenticate. This denial-of-service condition can disrupt management and control of the device, potentially leading to downtime or loss of administrative access until the router is rebooted.

Mitigation Strategies

The vulnerability affects ZTE routers with firmware versions prior to 2022. The supplier states that devices are not vulnerable since 2021-03-23, although operator firmware may vary.

Immediate mitigation steps include ensuring that your device firmware is updated to a version released after 2021-03-23 to avoid the vulnerability.

If updating firmware is not immediately possible, monitor and restrict access to the router's web management interface to trusted networks only, to reduce exposure.

Compliance Impact

The vulnerability described is an unauthenticated denial-of-service (DoS) affecting various ZTE router models by causing the management interface to become unresponsive. It does not involve unauthorized access to sensitive data or information disclosure.

Since the vulnerability impacts availability but does not compromise confidentiality or integrity of data, its direct effect on compliance with standards like GDPR or HIPAAβ€”which primarily focus on protecting personal data privacy and securityβ€”is limited.

However, prolonged denial-of-service conditions could indirectly affect compliance if critical systems relying on these devices become unavailable, potentially impacting service continuity requirements under such regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34473. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart