CVE-2026-34472: Pre-auth credential exposure and auth bypass in ZTE H188A V6 routers

I published a technical analysis of CVE-2026-34472, a pre-authentication credential exposure and authentication bypass in the ZTE H188A V6 router. Root cause: a routing flaw allows unauthenticated access to logic intended for the pre-login setup wizard. The exposed flow returns sensitive configuration values, including WLAN and admin-related credentials, which can then be used to cross the authentication boundary. The writeup includes: affected component analysis decompiled firmware review Lua/CGILua control-flow notes disclosure timeline PoC repository submitted by /u/TheReedemer69 [link] [comments]Technical Information Security Content & DiscussionRead More