Minanagehsalalma

**Name of the Vulnerable Software and Affected Versions** ZTE H8102E (affected versions not specified) ZTE H168N (affected versions not specified) ZTE H167A (affected versions not specified) ZTE H199A (affected versions not specified) ZTE H288A (affected versions not specified) ZTE H198A (affected versions not specified) ZTE H267A (affected versions not specified) ZTE H267N (affected versions not specified) ZTE H268A (affected versions not specified) ZTE H388X (affected versions not specified) ZTE H196A (affected versions not specified) ZTE H369A (affected versions not specified) ZTE H268N (affected versions not specified) ZTE H208N (affected versions not specified) ZTE H367N (affected versions not specified) ZTE H181A (affected versions not specified) ZTE H196Q (affected versions not specified) **Description** An unauthenticated denial-of-service condition exists in the web interface of several router models. The issue occurs because the CGILua parser (a component that processes Common Gateway Interface requests using the Lua programming language) eagerly reads and processes request bodies before authentication. An attacker can trigger this by sending an oversized `application/x-www-form-urlencoded` POST body, which may cause the management interface to become unresponsive until the device is rebooted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXHN H298A version 1.1 ZTE H108N version 2.6 **Description** A crafted request to the router web interface can cause sensitive data exposure. This issue may leak device and account information, including the administrator password and WLAN Pre-Shared Key (PSK), which can lead to authentication bypass and network compromise. In some firmware versions, the exposure may be limited to partial identifiers such as the serial number, ESSID, and MAC addresses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXHN H188A versions V6.0.10P2 TE through V6.0.10P3N3 TE **Description** An issue exists that allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface. These credentials include the default administrator password, WLAN PSK, and PPPoE credentials. In some instances, configuration changes can also be made without authentication through the wizard interface. **Recommendations** Versions V6.0.10P2 TE and V6.0.10P3N3 TE are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.