Sensitive Data Exposure in ZTE ZXHN Routers by ZTE
CVE-2026-34474

7.5HIGH

Key Information:

Vendor: ZTE
Status: ZXHN H298A and ZXHN H108N
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-34474?

The ZTE ZXHN H298A (version 1.1) and ZXHN H108N (version 2.6) have a vulnerability that can lead to sensitive data exposure. An attacker can exploit this issue by sending a crafted request to the router's web interface, potentially revealing sensitive information such as the administrator password and WLAN Pre-Shared Key (PSK). This exposure poses serious security risks, including the possibility of authentication bypass and network compromise. Additionally, certain firmware versions might leak partial identifiers like serial numbers, ESSID, and MAC addresses, further amplifying the vulnerability.

References

https://www.zte.com.cn/global/

https://gist.github.com/minanagehsalalma/7a8516b9b00d0008...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
Mar 27, 2026

CVE-2026-34474 Data

JSON