Mina Nageh Salalma

3 exploits Active since Mar 2026
CVE-2026-34474 EXPLOITDB HIGH text WORKING POC
ZTE ZXHN H298A 1.1/H108N 2.6 - Info Disclosure
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).
CVSS 7.5
CVE-2026-34473 EXPLOITDB HIGH text WORKING POC
ZTE Multiple Models - Unauthenticated DoS via Oversized POST Body
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.
CVSS 7.5
CVE-2026-34472 EXPLOITDB HIGH text WORKING POC
ZTE ZXHN H188A V6.0.10P2_TE/V6.0.10P3N3_TE - Info Disclosure
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.
CVSS 7.1