CVE-2026-34472

HIGH

ZTE ZXHN H188A V6.0.10P2_TE/V6.0.10P3N3_TE - Info Disclosure

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-34472. PoCs published by Mina Nageh Salalma, minanagehsalalma.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in ZTE ZXHN H188A V6 routers by crafting a request with specific parameters to trigger a wizard credential endpoint, leaking WLAN PSKs, SSIDs, and PPPoE usernames. The exploit leverages a flaw in the router's logic where unauthenticated requests can access sensitive data.

Description

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.

Exploits (2)

exploitdb WORKING POC
by Mina Nageh Salalma · text · local · multiple
https://www.exploit-db.com/exploits/52593

This exploit demonstrates an authentication bypass vulnerability in ZTE ZXHN H188A V6 routers by crafting a request with specific parameters to trigger a wizard credential endpoint, leaking WLAN PSKs, SSIDs, and PPPoE usernames. The exploit leverages a flaw in the router's logic where unauthenticated requests can access sensitive data.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ZTE ZXHN H188A V6.0.10P2_TE, V6.0.10P3N3_TE
No auth needed
Prerequisites: Network access to the target router
devstral-2 · analyzed May 30, 2026

nomisec WORKING POC
by minanagehsalalma · poc
https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router

The repository contains a functional Python script that exploits an authentication bypass vulnerability (CVE-2026-34472) in ZTE ZXHN H188A V6 routers. The script sends unauthenticated HTTP requests to exposed wizard handlers to extract sensitive credentials and configuration data.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ZTE ZXHN H188A V6 router
No auth needed
Prerequisites: Network access to the target router · Exposed wizard handlers on the router
devstral-2 · analyzed May 20, 2026

Scores

CVSS v3: 7.1
EPSS: 0.0088
EPSS Percentile: 75.8%
Attack Vector: ADJACENT_NETWORK
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-200, CWE-306
Status: published
Products (3):
n/a/n/a
zte/zxhn_h188a_firmware 6.0.10p2_te
zte/zxhn_h188a_firmware 6.0.10p3n3_te
Published: Mar 30, 2026
Tracked Since: Mar 30, 2026