CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat

CVE-2026-34474 covers a pre-auth credential disclosure in ZTE ZXHN H298A 1.1 and H108N 2.6 router web interfaces. The short version: an ETHCheat branch returns credential-bearing HTML before authentication. The captured fields include the admin password, WLAN PSK, and ESSID, and a companion wizard endpoint exposes serial data. The writeup keeps the PoC output redacted and focuses on the response behavior, affected scope, and disclosure trail. submitted by /u/TheReedemer69 [link] [comments]Technical Information Security Content & DiscussionRead More