HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Unauthenticated DoS in ZTE ZXHN Routers (CVE‑2026‑34473) Threatens ISP Service Availability

A newly disclosed CVE allows attackers to crash ZTE ZXHN routers by sending an oversized POST request, potentially disrupting service for over 140 k publicly reachable devices. TPRM teams should verify firmware and apply mitigations to protect downstream customers.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 exploit-db.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
exploit-db.com

Unauthenticated Denial‑of‑Service Vulnerability (CVE‑2026‑34473) Cripples 140k+ ZTE ZXHN Routers

What Happened – A flaw in the CGILua post.lua parser of 17+ ZTE ZXHN router models allows an unauthenticated attacker to send an oversized application/x‑www‑form‑urlencoded POST request, crashing the router’s web service. The vulnerability (CVE‑2026‑34473) is publicly disclosed with a working PoC.

Why It Matters for TPRM

  • Service availability of ISP‑provided broadband can be silently disrupted, affecting downstream customers.
  • Large fleets of exposed routers (≈140 k) increase the attack surface for supply‑chain and downstream risk.
  • Lack of authentication means any Internet‑reachable device can be taken offline without credential theft.

Who Is Affected – Telecommunications/Internet Service Providers, enterprises that lease ZTE routers for WAN access, and any organization that relies on ZTE ZXHN models for edge connectivity.

Recommended Actions

  • Inventory all ZTE ZXHN routers and verify firmware version.
  • Apply vendor‑issued patches or mitigate by rate‑limiting POST requests to /cgi-bin/luci.
  • Deploy network‑level DDoS protection and monitor for abnormal POST traffic.

Technical Notes – The vulnerability stems from an unchecked POST body size in the CGILua post.lua parser (multiple ZTE models, 17+ confirmed). Exploitation requires only a single HTTP POST to any CGI endpoint; no credentials are needed. No CVE‑related data leakage, only denial of service. Source: https://www.exploit-db.com/exploits/52594

📰 Original Source
https://www.exploit-db.com/exploits/52594

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →