CVE-2026-34472 — HIGH (7.1)

Vulnerability Description

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	Zxhn H188A Firmware	6.0.10p2_te
Zte	Zxhn H188A	-

Related Weaknesses (CWE)

CWE-306 CWE-200

References

https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9Third Party Advisory
https://www.zte.com.cn/global/Product

FAQ

What is CVE-2026-34472?

CVE-2026-34472 is a vulnerability with a CVSS score of 7.1 (HIGH). Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials ...

How severe is CVE-2026-34472?

CVE-2026-34472 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-34472?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxhn H188A Firmware, Zte Zxhn H188A.