CVE-2018-7357

MEDIUM

ZTE ZXHN H168N Firmware <= V2.2.0_PK1.2T5 - Unauthenticated Critical Function Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7357. PoCs published by Usman Saeed.

AI-analyzed exploit summary This PoC demonstrates unauthenticated access to WLAN credentials and the ability to change the WLAN passphrase via UPnP SOAP requests on ZTE ZXHN H168N devices. It exploits CVE-2018-7358 by sending crafted XML payloads to the vulnerable endpoints.

Description

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Usman Saeed · textwebappshardware
https://www.exploit-db.com/exploits/45972

This PoC demonstrates unauthenticated access to WLAN credentials and the ability to change the WLAN passphrase via UPnP SOAP requests on ZTE ZXHN H168N devices. It exploits CVE-2018-7358 by sending crafted XML payloads to the vulnerable endpoints.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ZTE ZXHN H168N v2.2 (Software Version: V2.2.0_PK1.2T5)
No auth needed
Prerequisites: Network access to the vulnerable device · UPnP service exposed on port 52869
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45972/

Scores

CVSS v3 6.5
EPSS 0.8787
EPSS Percentile 99.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-306
Status published
Products (4)
zte/zxhn_h168n_firmware 2.2.0_pk1.2t2
zte/zxhn_h168n_firmware 2.2.0_pk1.2t5
zte/zxhn_h168n_firmware 2.2.0_pk11t
zte/zxhn_h168n_firmware 2.2.0_pk11t7
Published Nov 14, 2018
Tracked Since Feb 18, 2026