CVE-2026-34473: n/a
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.
AI Analysis
Technical Summary
This vulnerability allows an unauthenticated attacker to trigger a denial-of-service condition on various ZTE router models by sending an oversized POST request to the web interface. The attack causes the management interface to hang and require a reboot to recover. The issue impacts firmware versions prior to 2022, though the vendor claims devices are not vulnerable from March 23, 2021 onward. No CVSS score or official remediation guidance is available, and no known exploits in the wild have been reported.
Potential Impact
The impact is a denial-of-service condition on the router's management interface, rendering it unresponsive until reboot. This could disrupt administrative access to the device, potentially delaying management and response actions. There is no indication of code execution or data compromise from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The vendor states devices are not vulnerable since March 23, 2021, but operator firmware may vary, so verifying firmware version and applying any available updates is recommended. If no update is available, limiting access to the management interface and monitoring for unusual POST request sizes may reduce risk.
CVE-2026-34473: n/a
Description
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability allows an unauthenticated attacker to trigger a denial-of-service condition on various ZTE router models by sending an oversized POST request to the web interface. The attack causes the management interface to hang and require a reboot to recover. The issue impacts firmware versions prior to 2022, though the vendor claims devices are not vulnerable from March 23, 2021 onward. No CVSS score or official remediation guidance is available, and no known exploits in the wild have been reported.
Potential Impact
The impact is a denial-of-service condition on the router's management interface, rendering it unresponsive until reboot. This could disrupt administrative access to the device, potentially delaying management and response actions. There is no indication of code execution or data compromise from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The vendor states devices are not vulnerable since March 23, 2021, but operator firmware may vary, so verifying firmware version and applying any available updates is recommended. If no update is available, limiting access to the management interface and monitoring for unusual POST request sizes may reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fb9131cbff5d86102f43a7
Added to database: 5/6/2026, 7:06:25 PM
Last enriched: 5/6/2026, 7:22:14 PM
Last updated: 5/7/2026, 7:39:20 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.