ZTE ZXHN H298A and H108N Sensitive Data Exposure Vulnerability Allowing Credential Leakage

Vulnerability

A vulnerability in the ZTE ZXHN H298A version 1.1 and H108N version 2.6 routers allows for sensitive data exposure through the web interface. This issue enables an unauthenticated user to access administrative credentials and Wi-Fi-related secrets, such as the WLAN Pre-Shared Key. The exposed information can lead to unauthorized access and compromise of the router's Wi-Fi credentials. In some affected firmware versions, only partial identifiers like the serial number, ESSID, and MAC addresses may be exposed instead of full credentials.

Impact

The vulnerability allows for information disclosure, authentication bypass, and unauthorized administrative access on the affected routers.

Added: May 6, 2026, 8:54 PM

Updated: May 6, 2026, 8:54 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

7.8

remediation

0.0

relevance

7.6

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

7.8

remediation

0.0

relevance

7.6

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ZTE ZXHN H298A and H108N Sensitive Data Exposure Vulnerability Allowing Credential Leakage

Vulnerability

Impact

Affected Products

ZTE ZXHN H108N

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating