CVE-2026-34474

EPSS 0.05%
Veröffentlicht 06.05.2026 00:00:00
Zuletzt bearbeitet 07.05.2026 15:15:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 0 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.zte.com.cn/global/

https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9

https://nvd.nist.gov/vuln/detail/CVE-2026-34474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34474

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34474