| Название | ZTE ZXHN H298A / ZXHN H108N H298A 1.1 / H108N 2.6 Sensitive Data Exposure |
|---|
| Описание | ZTE ZXHN H298A 1.1 and ZXHN H108N 2.6 expose privileged configuration data to unauthenticated callers through GET /getpage.lua?pid=1000ÐCheat=1. The returned HTML contains the administrator password, WLAN PSK, and ESSID in hidden input fields, and a related wizard endpoint exposes serial information. This is a direct authentication-boundary failure because the live management secrets are disclosed in the response body before login. |
|---|
| Источник | ⚠️ https://minanagehsalalma.github.io/cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure/ |
|---|
| Пользователь | MonxResearch (UID 98419) |
|---|
| Представление | 20.05.2026 18:15 (18 дни назад) |
|---|
| Модерация | 05.06.2026 18:59 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 361715 [ZTE ZXHN H298A 1.1 Router Web Interface раскрытие информации] |
|---|
| Баллы | 20 |
|---|