HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Unauthenticated Credential Exposure in ZTE ZXHN H298A/H108N Routers (CVE‑2026‑34474) Reveals Admin Password and Wi‑Fi PSK

A critical vulnerability (CVE‑2026‑34474) in ZTE ZXHN H298A and H108N routers allows anyone on the Internet to retrieve the device's admin password, Wi‑Fi pre‑shared key, ESSID, and serial number via a single unauthenticated HTTP request. Organizations that rely on these routers face immediate credential compromise risk and must patch or replace affected firmware.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 exploit-db.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
exploit-db.com

Unauthenticated Credential Exposure in ZTE ZXHN H298A/H108N Routers (CVE‑2026‑34474) Reveals Admin Password and Wi‑Fi PSK

What Happened – A newly disclosed vulnerability (CVE‑2026‑34474) allows any unauthenticated attacker to issue a single HTTP GET request to /getpage.lua?pid=1000&ETHCheat=1 on ZTE ZXHN H298A (firmware 1.1) or H108N (firmware 2.6) routers. The response returns the live administrator password, Wi‑Fi pre‑shared key (PSK), ESSID, and serial number in clear‑text. No session, cookie, or authentication is required.

Why It Matters for TPRM

  • Exposed admin credentials enable full control of the router, allowing downstream network compromise of any connected third‑party services.
  • Wi‑Fi PSK leakage can be leveraged to infiltrate corporate premises that rely on the router for guest or site‑to‑site connectivity.
  • The flaw is exploitable remotely over the Internet, expanding the attack surface for any organization that outsources broadband or uses ZTE equipment in its facilities.

Who Is Affected – Telecommunications service providers, enterprises that deploy ZTE ZXHN H298A/H108N routers in branch offices, managed service providers (MSPs) that provision these devices for clients, and any third‑party SaaS platforms reachable through the compromised network.

Recommended Actions

  • Inventory all ZTE ZXHN H298A and H108N devices and verify firmware versions.
  • Immediately upgrade to firmware releases that patch CVE‑2026‑34474 (or apply vendor‑provided mitigations).
  • Enforce network segmentation to isolate router management interfaces from business traffic.
  • Rotate administrator passwords and Wi‑Fi PSKs on all affected devices.
  • Review remote access controls and consider blocking HTTP access to the vulnerable endpoint at the perimeter.

Technical Notes – The vulnerability is a VULNERABILITY_EXPLOIT: an unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 returns HTML containing OBJ_USERINFO_IDPassword1, WLANPSK_KeyPassphrase1, and WLANAP_ESSID1 fields in plaintext. A second endpoint (/wizard_page/wizard_overETHfail_set_lua.lua) discloses the device serial number. No authentication, session, or cookie is required. Source: Exploit‑DB 52592

📰 Original Source
https://www.exploit-db.com/exploits/52592

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →