
CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat
CVE-2026-34474 describes a pre-authentication credential disclosure vulnerability in the web interfaces of ZTE ZXHN H298A (version 1.1) and H108N (version 2.6) routers. The issue involves an ETHCheat branch returning HTML containing sensitive credentials before authentication is completed. Exposed data includes the admin password, WLAN pre-shared key (PSK), ESSID, and serial data via a companion wizard endpoint. The vulnerability report focuses on response behavior, affected scope, and disclosure details without providing proof-of-concept (PoC) output.