Submit #834235: ZTE ZXHN H168N V3.5.0_EG1T4_TE Information Disclosureinfo

TitleZTE ZXHN H168N V3.5.0_EG1T4_TE Information Disclosure
DescriptionZTE ZXHN H168N firmware up to V3.5.0_EG1T4_TE exposes sensitive PPPoE and WLAN data through unauthenticated wizard_page handlers because of improper permission settings. Requests to wizard_pppoe_lua.lua and wizard_wlan_config_lua.lua can return structured data including Wi-Fi secrets without a valid session. In ISP deployments described in the disclosure, the leaked values could be repurposed into full administrator compromise.
Source⚠️ https://minanagehsalalma.github.io/cve-2021-21735-zte-zxhn-h168n-admin-compromise/
User
 MonxResearch (UID 98419)
Submission05/20/2026 18:16 (21 days ago)
Moderation06/05/2026 18:59 (16 days later)
StatusDuplicate
VulDB entry176796 [ZTE ZXHN H168N up to 3.5.0_EG1T4_TE Wizard Page information disclosure]
Points0

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!