CVE-2026-34472

EPSS 0.15%
Veröffentlicht 30.03.2026 00:00:00
Zuletzt bearbeitet 08.04.2026 16:05:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxhn H188a Firmware Version6.0.10p2_te

Zte ≫ Zxhn H188a Version-

Zte ≫ Zxhn H188a Firmware Version6.0.10p3n3_te

Zte ≫ Zxhn H188a Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.353

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.1	2.8	4.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.zte.com.cn/global/

Product

https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-34472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34472

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34472