EIP-2026-101116

PRE-CVE

ZTE / TP-Link RomPager - Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101116. PoCs published by Osanda Malith Jayathissa.

AI-analyzed exploit summary This exploit targets a DoS vulnerability in RomPager/4.07 UPnP/1.0 on ZTE and TP-Link routers by sending a malformed HTTP POST request with an oversized 'PingIPAddr' parameter. It includes functionality to check for default credentials and decode passwords from the 'rom-0' file.

Description

ZTE / TP-Link RomPager - Denial of Service

Exploits (1)

exploitdb WORKING POC

by Osanda Malith Jayathissa · pythondoshardware

https://www.exploit-db.com/exploits/33737

View Code ZIP pw:eip

This exploit targets a DoS vulnerability in RomPager/4.07 UPnP/1.0 on ZTE and TP-Link routers by sending a malformed HTTP POST request with an oversized 'PingIPAddr' parameter. It includes functionality to check for default credentials and decode passwords from the 'rom-0' file.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: RomPager/4.07 UPnP/1.0 (ZTE ZXV10 W300, TP-Link TD-W8901G, etc.)

Auth required

Prerequisites: Network access to the target router · Default or decoded admin credentials

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026