Share
## https://sploitus.com/exploit?id=PACKETSTORM:221997
-----BEGIN SECURITY ADVISORY-----
    
    Advisory ID:    MONX-2026-003
    CVE ID:         CVE-2026-34474
    Title:          ZTE ZXHN H298A / H108N - Unauthenticated Admin Password &
    WLAN Credential Exposure
    Affected:       ZTE ZXHN H298A 1.1, ZTE ZXHN H108N 2.6 (EOL; no patch
    planned)
    Date:           2026-05-20
    Author:         Mina Nageh Salalma (Monx Research)
    Contact:        minanageh379@gmail.com
    Public URL:
    https://github.com/minanagehsalalma/cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure
    MITRE:          https://www.cve.org/CVERecord?id=CVE-2026-34474
    
    
    VULNERABILITY DESCRIPTION
    --------------------------
    A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE
    H298A or H108N routers returns the live administrator password
    (OBJ_USERINFO_IDPassword1), WLAN PSK (WLANPSK_KeyPassphrase1), and SSID in
    plaintext HTML. A second endpoint exposes the device serial number.
    
    Note: ZTE declined vendor-side assignment citing product EOL. MITRE assigned
    CVE-2026-34474 directly and published the record 2026-05-06. These devices
    remain deployed by some ISPs.
    
    
    CREDITS
    -------
    Mina Nageh Salalma (Monx Research)
    https://github.com/minanagehsalalma
    
    -----END SECURITY ADVISORY-----