| Title | ZTE ZXHN H188A V6.0.10P2_TE / V6.0.10P3N3_TE Authentication Bypass |
|---|---|
| Description | ZTE ZXHN H188A firmware V6.0.10P2_TE and V6.0.10P3N3_TE contains an unauthenticated pre-login wizard exposure reachable via the root path with attacker-controlled _type and _tag parameters. A request such as /?_type=tedataNotLoginData&_tag=wizard_lua.lua can return the default administrator password, WLAN PSK, and PPPoE credentials through actions including getPassword, wlan_get, and ppp_get. In validated cases the disclosed Wi-Fi password becomes the default administrator password when uppercased, which turns the credential leak into administrative authentication bypass. The issue is rooted in query-driven router selection that bypasses the normal QuickSetupEnable gate for empty URL paths. |
| Source | ⚠️ https://minanagehsalalma.github.io/cve-2026-34472-auth-bypass-zte-h188a-router/ |
| User | MonxResearch (UID 98419) |
| Submission | 20.05.2026 18:14 (19 days ago) |
| Moderation | 05.06.2026 18:59 (16 days later) |
| Status | Accepted |
| VulDB Entry | 354212 [ZTE ZXHN H188A 6.0.10P2_TE/6.0.10P3N3_TE Wizard Interface information disclosure] |
| Points | 20 |