| Title | ZTE ZXHN H-Series Routers Multiple H-series models before 2022 Denial of Service |
|---|
| Description | Multiple ZTE H-series router firmware branches are vulnerable to unauthenticated denial of service through an oversized application/x-www-form-urlencoded POST request. The web stack forwards attacker-controlled POST bodies into the CGILua parser before authentication gates matter, and the parser reads and parses the request body as long as it stays below the visible maxinput budget. This can render the router web management interface unavailable and required manual reboot during validation. |
|---|
| Source | ⚠️ https://minanagehsalalma.github.io/cve-2026-34473-unauthenticated-dos-zte-routers/ |
|---|
| User | MonxResearch (UID 98419) |
|---|
| Submission | 05/20/2026 18:15 (21 days ago) |
|---|
| Moderation | 06/05/2026 18:59 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 361708 [ZTE H8102E prior 2021-03-23 Management Interface denial of service] |
|---|
| Points | 20 |
|---|