ZTE ZXHN H-Series Unauthenticated Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in multiple ZTE ZXHN H-series router models, including the H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. This vulnerability allows an unauthenticated attacker to disrupt the router's web management interface by sending an oversized application/x-www-form-urlencoded POST request. As a result, the interface may become unresponsive and require a device reboot to restore functionality. This issue is believed to affect any firmware version prior to 2022, although the supplier claims devices are not vulnerable since March 23, 2021, and operator firmware may vary.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing a loss of availability in the management interface.