CVE-2026-34472

High · Updated

Published: 30 March 2026

Modified: 26 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0088 (75.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-34472 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in ZTE ZXHN H188A firmware. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 24.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-34472, published on 2026-03-30, is an unauthenticated credential disclosure vulnerability in the wizard interface of ZTE ZXHN H188A routers running firmware versions V6.0.10P2_TE and V6.0.10P3N3_TE. It enables attackers to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. The issue is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-306 (Missing Authentication for Critical Function), and carries a CVSS v3.1 base score of 7.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low integrity impact and no availability impact.

Unauthenticated attackers on the local network can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation allows retrieval of critical credentials, potentially granting full administrative access to the router. In some observed cases, attackers may also perform configuration changes without authentication, enabling further network compromise such as altering Wi-Fi settings or internet connection parameters.

Advisories and additional details are available via references including a GitHub Gist at https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9 and the ZTE official website at https://www.zte.com.cn/global/.

Vulnerability details

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The unauthenticated vulnerability in the router's web wizard interface directly enables exploitation of a public-facing application (T1190) to obtain unsecured credentials (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-67805 · Shared CWE-200, CWE-306
CVE-2026-30846 · Shared CWE-200, CWE-306
CVE-2026-45332 · Shared CWE-200, CWE-306
CVE-2026-40436 · Same vendor: ZTE
CVE-2025-26001 · Shared CWE-200
CVE-2025-53118 · Shared CWE-306
CVE-2026-25146 · Shared CWE-200
CVE-2025-55190 · Shared CWE-200
CVE-2024-56902 · Shared CWE-200
CVE-2024-48125 · Shared CWE-200

Affected Assets

Vendor: zte
Product: zxhn h188a firmware
Versions: 6.0.10p2_te, 6.0.10p3n3_te

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · detect

Directly counters the missing authentication for critical functions by requiring identification, limitation, authorization, and monitoring of permitted unauthenticated actions in the wizard interface.

prevent

Mandates unique identification and authentication for non-organizational users like local network attackers accessing the router's web management interface.

prevent

Enforces approved authorizations for logical access to the web management wizard, preventing unauthenticated disclosure of credentials and configuration changes.
