{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/h298a/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["H298A","H108N"],"_cs_severities":["high"],"_cs_tags":["credential-exposure","router","exploit"],"_cs_type":"advisory","_cs_vendors":["ZTE"],"content_html":"\u003cp\u003eA public exploit, EDB-52592, has been released on Exploit-DB detailing an unauthenticated credential exposure vulnerability affecting ZTE H298A and H108N routers. This vulnerability allows an unauthenticated attacker on the local network to retrieve sensitive information, including administrative credentials, from the affected devices. The availability of this exploit increases the likelihood of successful attacks against unpatched devices, as it lowers the barrier to entry for less sophisticated attackers. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized access and potential compromise of affected routers and networks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to the local network where the ZTE H298A/H108N router is located.\u003c/li\u003e\n\u003cli\u003eAttacker sends a specially crafted HTTP request to the router without authentication.\u003c/li\u003e\n\u003cli\u003eThe router improperly handles the request and exposes sensitive information, including credentials.\u003c/li\u003e\n\u003cli\u003eAttacker parses the response to extract the administrative username and password.\u003c/li\u003e\n\u003cli\u003eAttacker uses the obtained credentials to log in to the router\u0026rsquo;s web interface.\u003c/li\u003e\n\u003cli\u003eAttacker modifies router settings, such as DNS servers or firewall rules.\u003c/li\u003e\n\u003cli\u003eAttacker can perform man-in-the-middle attacks or redirect traffic to malicious servers.\u003c/li\u003e\n\u003cli\u003eAttacker gains complete control of the router and can use it as a pivot point to further compromise the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to gain complete control over the affected ZTE routers. This can lead to a variety of malicious activities, including DNS hijacking, man-in-the-middle attacks, and network-wide compromise. Given the prevalence of these routers in home and small business networks, a large number of users are potentially at risk. This could result in data theft, service disruption, and further propagation of malware within the compromised network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for suspicious HTTP requests to ZTE H298A/H108N routers using the provided Sigma rules to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eApply available patches or firmware updates from ZTE to address the credential exposure vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement strong password policies and enforce multi-factor authentication where available to mitigate the impact of credential compromise.\u003c/li\u003e\n\u003cli\u003eSegment networks to limit the lateral movement of attackers in case of a successful router compromise.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T08:12:28Z","date_published":"2026-05-29T08:12:28Z","id":"https://feed.craftedsignal.io/briefs/2026-05-zte-credential-exposure/","summary":"A public exploit (EDB-52592) has been published for ZTE H298A and H108N routers, which allows unauthenticated access to sensitive credentials.","title":"ZTE H298A/H108N Unauthenticated Credential Exposure","url":"https://feed.craftedsignal.io/briefs/2026-05-zte-credential-exposure/"}],"language":"en","title":"CraftedSignal Threat Feed — H298A","version":"https://jsonfeed.org/version/1.1"}