CVE-2026-34474
Sensitive Data Exposure in ZTE ZXHN H298A and H108N Routers
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zte | zxhn_h298a | 1.1 |
| zte | zxhn_h108n | 2.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves sensitive data exposure in ZTE ZXHN H298A 1.1 and H108N 2.6 routers. By sending a specially crafted request to the router's web interface, an attacker can obtain sensitive device and account information. This may include the administrator password and WLAN pre-shared key (PSK), which can allow the attacker to bypass authentication and compromise the network.
In some firmware versions, the exposure might be limited to partial identifiers such as the device serial number, ESSID, or MAC addresses.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the router's administrative interface and wireless network. An attacker who exploits this flaw can obtain the administrator password and WLAN PSK, enabling them to bypass authentication controls.
This can result in network compromise, allowing the attacker to intercept, modify, or disrupt network traffic, potentially leading to further attacks on connected devices.