From: "m.nageh" <minanageh379 () gmail com>
Date: Wed, 20 May 2026 16:32:52 +0200
-----BEGIN SECURITY ADVISORY-----
Advisory ID: MONX-2026-003
CVE ID: CVE-2026-34474
Title: ZTE ZXHN H298A / H108N - Unauthenticated Admin Password & WLAN Credential Exposure
Affected: ZTE ZXHN H298A 1.1, ZTE ZXHN H108N 2.6 (EOL; no patch planned)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL: https://github.com/minanagehsalalma/cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure
MITRE: https://www.cve.org/CVERecord?id=CVE-2026-34474
VULNERABILITY DESCRIPTION
--------------------------
A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE
H298A or H108N routers returns the live administrator password
(OBJ_USERINFO_IDPassword1), WLAN PSK (WLANPSK_KeyPassphrase1), and SSID in
plaintext HTML. A second endpoint exposes the device serial number.
Note: ZTE declined vendor-side assignment citing product EOL. MITRE assigned
CVE-2026-34474 directly and published the record 2026-05-06. These devices
remain deployed by some ISPs.
CREDITS
-------
Mina Nageh Salalma (Monx Research)
https://github.com/minanagehsalalma
-----END SECURITY ADVISORY-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
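
Added example (not part of the original advisory or the author's repository): a log check for the request the advisory describes, matching on the /getpage.lua path and the pid=1000 parameter regardless of percent-encoding, case, repeated slashes or parameter order. The access-log format (as written by a proxy or sensor in front of the device's web interface), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Common/combined access-log prefix: src, ident, user, [time], "request", status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_exposure_request(target: str) -> bool:
    """True if the request target is /getpage.lua carrying pid=1000."""
    raw_path, _, query = target.partition("?")
    # Decode percent-escapes, collapse repeated slashes and ignore case so
    # trivially rewritten forms of the same path still match.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if path != "/getpage.lua":
        return False
    params = parse_qs(query, keep_blank_values=True)  # decodes names and values
    return any(
        value.strip() == "1000"
        for name, values in params.items() if name.lower() == "pid"
        for value in values
    )

def scan(lines):
    """Return (hits, per_source); a hit is (src, status, target)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_exposure_request(m["target"]):
            hits.append((m["src"], int(m["status"]), m["target"]))
    return hits, Counter(src for src, _, _ in hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/May/2026:10:01:02 +0000] "GET /getpage.lua?pid=1000 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [20/May/2026:10:01:05 +0000] "GET //GetPage.lua?a=b&pid=%31000 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [20/May/2026:10:02:00 +0000] "GET /getpage.lua?pid=123 HTTP/1.1" 302 0',
    '192.0.2.44 - - [20/May/2026:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    hits, per_source = scan(SAMPLE_LOG)
    for src, status, target in hits:
        # Status 200 means the page was served to this source.
        print(f"{src} status={status} target={target}")
    print(dict(per_source))
```

A hit with status 200 against an affected device is a reason to treat the admin password and WLAN PSK as disclosed and rotate both.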