Multiple CVEs Disclose Pre-auth Credential Exposure in ZTE Routers
Severity: High (Score: 70.5)
Sources: Reddit
Keywords: credential, cve-2026-34474, pre-auth, disclosure, h298a, h108n, ethcheat
Severity indicators: closure, CVE:CVE-2026-34474
Summary
CVE-2026-34472 and CVE-2026-34474 describe critical pre-authentication credential exposure vulnerabilities in ZTE routers. CVE-2026-34472 affects the ZTE H188A V6 router, allowing unauthenticated access to sensitive configuration values. CVE-2026-34474 impacts the ZTE ZXHN H298A and H108N routers, where an ETHCheat branch exposes credential-bearing HTML before authentication. The two vulnerabilities were published in March and May 2026, with the first public proof of concept (PoC) released on May 19, 2026. The flaws enable attackers to retrieve admin credentials and WLAN settings, posing significant risks to network security. Users of affected ZTE router models are advised to take immediate action to mitigate the risks. The PoC for both vulnerabilities was submitted by the same user, indicating a coordinated disclosure effort.

Key Points:
- CVE-2026-34472 affects ZTE H188A V6 routers, exposing sensitive credentials pre-authentication.
- CVE-2026-34474 impacts ZTE ZXHN H298A and H108N routers, allowing credential disclosure via ETHCheat.
- Both vulnerabilities have public PoCs released, increasing the risk of exploitation.
Detailed Analysis
**Impact**
The vulnerabilities affect ZTE H188A V6, ZXHN H298A 1.1, and H108N 2.6 routers, exposing credentials before authentication, including admin passwords, WLAN PSKs, ESSIDs, and serial data. The scope includes users of these specific router models, potentially impacting residential and small business networks globally where these devices are deployed. Exposed credentials enable unauthorized access to router configurations, risking network compromise and data interception.

**Technical Details**
CVE-2026-34472 stems from a routing flaw in the ZTE H188A V6 router that allows unauthenticated access to the pre-login setup wizard, which returns sensitive configuration data. CVE-2026-34474 affects ZTE ZXHN H298A and H108N routers via an ETHCheat branch that returns credential-bearing HTML before authentication, with a companion wizard endpoint exposing serial data. Both vulnerabilities enable credential disclosure and authentication bypass at the initial access stage of the kill chain. No specific IOCs or malware are provided.

**Recommended Response**
Apply vendor patches addressing CVE-2026-34472 and CVE-2026-34474 immediately once available. Harden router configurations by disabling or restricting access to setup wizards and diagnostic endpoints exposed pre-authentication. Deploy network monitoring for unusual access attempts to router management interfaces and monitor for unauthorized configuration changes. If patches are unavailable, isolate affected devices from untrusted networks and monitor for exploitation attempts.
Source articles (2)
- CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat — Reddit · 2026-05-21
  CVE-2026-34474 covers a pre-auth credential disclosure in ZTE ZXHN H298A 1.1 and H108N 2.6 router web interfaces. The short version: an ETHCheat branch returns credential-bearing HTML before authentic…
- CVE-2026-34472: Pre — Reddit · 2026-05-20
  I published a technical analysis of CVE-2026-34472, a pre-authentication credential exposure and authentication bypass in the ZTE H188A V6 router. Root cause: a routing flaw allows unauthenticated acc…
Timeline
- 2026-03-30 — CVE-2026-34472 published: A pre-authentication credential exposure vulnerability in ZTE H188A V6 routers was disclosed.
- 2026-05-06 — CVE-2026-34474 published: A pre-authentication credential disclosure vulnerability in ZTE ZXHN H298A and H108N routers was disclosed.
- 2026-05-19 — First public PoCs released: Public proofs of concept for CVE-2026-34472 and CVE-2026-34474 were made available, demonstrating the vulnerabilities.
- Recent — Security advisory issued: Users of affected ZTE routers are urged to take immediate action to secure their devices against potential exploitation.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-200 - Exposure of Sensitive Information (CWE)
- T1190 - Exploit Public-Facing Application (MITRE ATT&CK)
- ZTE H188A V6 Router (Platform)