Vulnerability Report

CVE-2026-34473

Title: Unauthenticated DoS in multiple router models

CWE Category CWE-400
Published Date May 06, 2026
Modified Date May 26, 2026
Exploit Status Available
Score 7.5 CVSS v3.1
Exploit Probability (EPSS) 2.05%

Vulnerability Summary

CVE-2026-34473: Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.

CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity HIGH
Score 7.5
Attack Vector NETWORK
Complexity LOW
Privileges NONE
Interaction NONE
Confidentiality NONE
Integrity NONE
Availability HIGH
Scope UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-34473 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/minanagehsalalma/cve-2026-34473-unauthenticated-dos-zte-routers
Exploit-DB https://www.exploit-db.com/exploits/52594
MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges NONE
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Stack

No specific products linked.