What is the CVSS score of CVE-2026-34473?

CVE-2026-34473 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of ZTE Home Routers are affected by CVE-2026-34473?

CVE-2026-34473 is a high-severity denial-of-service vulnerability affecting ZTE home routers across 17 models that allows remote attackers to crash the web management interface and require manual…

Is there a public PoC exploit available for CVE-2026-34473?

Yes, a public proof-of-concept exploit is available for CVE-2026-34473. Prioritise patching immediately. EPSS: 0.0%.

ZTE Home Routers CVE-2026-34473

EUVD-2026-27881 HIGH

Uncontrolled Resource Consumption (CWE-400)

2026-05-06 mitre

Denial Of Service Zte

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 06, 2026 - 22:00 vuln.today

CVSS changed

May 06, 2026 - 20:22 NVD

7.5 (HIGH)

CVE Published

May 06, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body. After triggering, the management interface may become unresponsive until the device is rebooted. This may affect any firmware version prior to 2022 (reporter observation). The supplier stated that devices are not vulnerable since 2021-03-23; operator firmware may vary.

AnalysisAI

Remote denial-of-service in ZTE home routers (H8102E, H168N, H167A, and 15 other models) allows unauthenticated network attackers to crash the web management interface via oversized HTTP POST request with application/x-www-form-urlencoded content, requiring physical device reboot to restore service. ZTE claims devices patched since March 2021, but operator firmware timelines vary. …

RemediationAI

Within 24 hours: Identify all ZTE router models (H8102E, H168N, H167A, and 15 others) in production using network inventory tools; document firmware versions and current operator patches. Within 7 days: Contact your ISP or device operator to confirm available firmware versions for your specific models and deployment date; implement network-level access controls restricting HTTP POST requests to the management interface to trusted administrative subnets only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory