CVE-2026-34473
Unauthenticated DoS in ZTE Router Firmware
Publication date: 2026-05-06
Last updated on: 2026-05-26
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zte | h8102e | * |
| zte | h168n | * |
| zte | h167a | * |
| zte | h199a | * |
| zte | h288a | * |
| zte | h198a | * |
| zte | h267a | * |
| zte | h267n | * |
| zte | h268a | * |
| zte | h388x | * |
| zte | h196a | * |
| zte | h369a | * |
| zte | h268n | * |
| zte | h208n | * |
| zte | h367n | * |
| zte | h181a | * |
| zte | h196q | to 2022 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated denial-of-service (DoS) issue affecting multiple ZTE router models. It occurs when an attacker sends an oversized application/x-www-form-urlencoded POST request to the router's web management interface. This causes the interface to become unresponsive until the device is rebooted.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can cause the router's management interface to become unresponsive without needing to authenticate. This denial-of-service condition can disrupt management and control of the device, potentially leading to downtime or loss of administrative access until the router is rebooted.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects ZTE routers with firmware versions prior to 2022. The supplier states that devices have not been vulnerable since 2021-03-23, although operator firmware may vary.
Immediate mitigation steps include ensuring that your device firmware is updated to a version released after 2021-03-23 to avoid the vulnerability.
If updating firmware is not immediately possible, monitor and restrict access to the router's web management interface to trusted networks only, to reduce exposure.
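The monitoring step above can be sketched as a log review. This is an added example, not part of the CVE record or any vendor tooling; the log format, management address, trusted range and size threshold are all assumptions to replace with your own values.

```python
import ipaddress

# Assumptions, not values from the advisory: tune all three for your network.
MGMT_HOSTS = {"192.168.1.1"}                             # router management address
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/28")]  # admin workstations
MAX_FORM_BYTES = 8192                                    # placeholder size threshold

FORM_TYPE = "application/x-www-form-urlencoded"

# Constructed records (hypothetical format): src dst method content-type content-length
SAMPLE_LOG = """\
192.168.1.5 192.168.1.1 POST application/x-www-form-urlencoded 212
192.168.1.77 192.168.1.1 POST application/x-www-form-urlencoded 148
192.168.1.5 192.168.1.1 POST application/x-www-form-urlencoded;charset=UTF-8 5242880
192.168.1.5 192.168.1.1 GET - 0
203.0.113.9 192.168.1.1 POST multipart/form-data 900000
192.168.1.5 192.168.1.20 POST application/x-www-form-urlencoded 9000000
bad line
"""


def review(log_text):
    """Return (line_no, src, reasons) for requests to the management interface
    that come from outside TRUSTED_NETS or carry an oversized form body."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5 or fields[1] not in MGMT_HOSTS:
            continue
        src, _dst, method, ctype, length = fields
        try:
            addr, size = ipaddress.ip_address(src), int(length)
        except ValueError:
            continue  # malformed record, skip rather than crash
        reasons = []
        if not any(addr in net for net in TRUSTED_NETS):
            reasons.append("untrusted-source")
        media_type = ctype.split(";")[0].lower()  # drop parameters such as charset
        if method == "POST" and media_type == FORM_TYPE and size > MAX_FORM_BYTES:
            reasons.append("oversized-form-post")
        if reasons:
            findings.append((line_no, src, reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Any "untrusted-source" hit means the access restriction is not yet effective for that path; an "oversized-form-post" hit from a trusted host is worth correlating with the interface becoming unresponsive.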
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability described is an unauthenticated denial-of-service (DoS) affecting various ZTE router models by causing the management interface to become unresponsive. It does not involve unauthorized access to sensitive data or information disclosure.
Since the vulnerability impacts availability but does not compromise confidentiality or integrity of data, its direct effect on compliance with standards like GDPR or HIPAA, which primarily focus on protecting personal data privacy and security, is limited.
However, prolonged denial-of-service conditions could indirectly affect compliance if critical systems relying on these devices become unavailable, potentially impacting service continuity requirements under such regulations.