CVE-2026-34472

HIGH EPSS 94.6%

Published Mar 30, 20263mo ago · Modified Jun 17, 20261w ago

7.1 CVSS 3.1

High

Published Mar 30, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.

CVSS Details

Base Score

7.1

Exploitability

2.8

Impact

4.2

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

94.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

CWE-306 Missing Authentication for Critical Function Authentication

Affected Products 4

Vendor	Product	Version	Range
zte	zxhn_h188a_firmware	6.0.10p2_te	any
zte	zxhn_h188a	*	any
zte	zxhn_h188a_firmware	6.0.10p3n3_te	any
zte	zxhn_h188a	*	any

References 3

seclists.org http://seclists.org/fulldisclosure/2026/May/19
gist.github.com https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9

Third Party Advisory
zte.com.cn https://www.zte.com.cn/global/

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.