CVE-2026-34472
7.1 HIGHUnauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated at...
Published: 2026-03-30 · Last updated: 2026-05-26
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- CWE
- CWE-200, CWE-306
Affected products
| Vendor | Product |
|---|---|
| zte | zxhn_h188a_firmware |
Description
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-44409 — There is an an information disclosure vulnerability in ZTE MU5250 (5.7 MEDIUM)
- CVE-2021-21735 — A ZTE product has an information leak vulnerability (6.5 MEDIUM)
Same CWE
- CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
- CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
- CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
- CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
- CVE-2026-50870 — An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)