EIP-2026-101423

PRE-CVE

Router ZTE-H108NS - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101423. PoCs published by George Tsimpidas.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in ZTE-H108NS routers by using the HTTP HEAD method, which is not properly constrained by the router's security settings. The provided HTTP request bypasses Basic Authentication and grants access to the administration panel.

Description

Router ZTE-H108NS - Authentication Bypass

Exploits (1)

exploitdb WORKING POC

by George Tsimpidas · textremotehardware

https://www.exploit-db.com/exploits/51138

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in ZTE-H108NS routers by using the HTTP HEAD method, which is not properly constrained by the router's security settings. The provided HTTP request bypasses Basic Authentication and grants access to the administration panel.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ZTE-H108NS Router Firmware H108NSV1.0.7u_ZRD_GR2_A68

No auth needed

Prerequisites: Network access to the router's administration interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026