Sensitive Data Exposure in ZTE ZXHN Routers by ZTE
CVE-2026-34474

7.5HIGH

Key Information:

Vendor: ZTE
Status: ZXHN H298A and ZXHN H108N
Vendor: CVE Published:; 6 May 2026

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 24%

What is CVE-2026-34474?

The ZTE ZXHN H298A (version 1.1) and ZXHN H108N (version 2.6) have a vulnerability that can lead to sensitive data exposure. An attacker can exploit this issue by sending a crafted request to the router's web interface, potentially revealing sensitive information such as the administrator password and WLAN Pre-Shared Key (PSK). This exposure poses serious security risks, including the possibility of authentication bypass and network compromise. Additionally, certain firmware versions might leak partial identifiers like serial numbers, ESSID, and MAC addresses, further amplifying the vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure
Created by minanagehsalalma

References

https://www.zte.com.cn/global/

https://gist.github.com/minanagehsalalma/7a8516b9b00d0008...

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 19, 2026
👾
Exploit known to exist
May 19, 2026
Vulnerability published
May 6, 2026
Vulnerability Reserved
Mar 27, 2026

CVE-2026-34474 Data

JSON