cbcvebase.
CVE-2026-34473
published 2026-05-06

CVE-2026-34473: Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A…

PriorityP259high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
2.38%
81.8th percentile
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://<target>/cgi-bin/luci
path/cgi-bin/luci
commandPOST /cgi-bin/luci HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\na=AAAA...(256KB+)
  • Detect oversized application/x-www-form-urlencoded POST requests to /cgi-bin/luci on ZTE routers; default PoC uses 256 KB body (size_kb=256), but any abnormally large body to this endpoint is suspicious.
  • No authentication, session, or credentials are required to trigger the DoS — alert on large unauthenticated POST requests to ZTE CGI endpoints.
  • After successful exploitation the management interface becomes unresponsive until reboot; correlate device unreachability with prior large POST events.
  • Approximately 140,000+ publicly exposed ZTE ZXHN devices were identified at time of research; prioritise internet-facing ZTE routers for patching and monitoring.
  • ·Affected firmware scope is imprecisely defined: the reporter observed all versions prior to 2022 as vulnerable, but the supplier claims devices are patched since 2021-03-23; operator/ISP-customised firmware may still be vulnerable regardless of date.
  • ·17 confirmed affected ZTE models: H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, H196Q — detection rules should target all of these.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.