{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/zxhn-h188a/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ZXHN H188A"],"_cs_severities":["critical"],"_cs_tags":["credential-access","router","zte","cve-2026-34472"],"_cs_type":"advisory","_cs_vendors":["ZTE"],"content_html":"\u003cp\u003eCVE-2026-34472 is a critical vulnerability affecting ZTE ZXHN H188A routers, specifically versions V6.0.10P2_TE and V6.0.10P3N3_TE. This vulnerability allows an unauthenticated attacker on the local network to access sensitive information, including the default administrator password, WLAN PSK, and PPPoE credentials. The vulnerability resides within the router's web management interface and arises from insufficient access controls. Successful exploitation grants attackers the ability to potentially perform configuration changes without authentication, leading to a complete compromise of the device and connected network. Defenders need to prioritize detection and mitigation of this vulnerability to prevent unauthorized access and potential data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains access to the local network where the vulnerable ZTE ZXHN H188A router is connected.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the router's web management interface on port 80 or 443.\u003c/li\u003e\n\u003cli\u003eThe vulnerable router processes the request without proper authentication checks.\u003c/li\u003e\n\u003cli\u003eThe router discloses sensitive information, including the default administrator password, WLAN PSK, and PPPoE credentials, in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the obtained administrator password to log into the web management interface.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies router settings, such as DNS servers, firewall rules, or WLAN configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts network traffic or redirects users to malicious websites.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control over the router and the connected network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34472 allows attackers to gain complete control over the vulnerable ZTE ZXHN H188A router and the connected network. This could lead to data breaches, malware infections, and denial-of-service attacks. Given the potential for unauthorized access and control, this vulnerability poses a significant risk to both home and small business networks. The number of affected devices and networks is currently unknown, but the widespread use of these routers suggests a potentially large attack surface.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect ZTE ZXHN H188A Credential Disclosure Attempt\u003c/code\u003e to your SIEM to detect suspicious HTTP requests targeting the router's web management interface.\u003c/li\u003e\n\u003cli\u003eDisable remote access to the router's web management interface to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003eIf possible, replace the vulnerable ZTE ZXHN H188A router with a more secure model.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual DNS queries or connections to suspicious IP addresses after applying this patch using network_connection and dns_query logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-03-zte-zxhn-credential-disclosure/","summary":"CVE-2026-34472 allows unauthenticated attackers on the local network to retrieve sensitive credentials from vulnerable ZTE ZXHN H188A routers via the web management interface, potentially leading to unauthorized access and control.","title":"ZTE ZXHN H188A Unauthenticated Credential Disclosure (CVE-2026-34472)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-zte-zxhn-credential-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed - ZXHN H188A","version":"https://jsonfeed.org/version/1.1"}