CVE-2026-34473
Unauthenticated DoS in ZTE Router Firmware
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zte | h8102e | * |
| zte | h168n | * |
| zte | h167a | * |
| zte | h199a | * |
| zte | h288a | * |
| zte | h198a | * |
| zte | h267a | * |
| zte | h267n | * |
| zte | h268a | * |
| zte | h388x | * |
| zte | h196a | * |
| zte | h369a | * |
| zte | h268n | * |
| zte | h208n | * |
| zte | h367n | * |
| zte | h181a | * |
| zte | h196q | to 2022 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated denial-of-service (DoS) issue affecting multiple ZTE router models. It occurs when an attacker sends an oversized application/x-www-form-urlencoded POST request to the router's web management interface. This causes the interface to become unresponsive until the device is rebooted.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can cause the router's management interface to become unresponsive without needing to authenticate. This denial-of-service condition can disrupt management and control of the device, potentially leading to downtime or loss of administrative access until the router is rebooted.