CVE-2021-21735 looks like a basic information leak at first, but the interesting part is the chain. On the ZTE ZXHN H168N V3.5, setup/wizard routes exposed PPPoE and WLAN material that should have stayed behind the authenticated configuration boundary. In some ISP deployments, that leaked PPPoE value could overlap with the hidden admin credential, turning a low-looking leak into admin access. I rebuilt the write-up around the firmware routing failure, the wizard whitelist behavior, redacted request/response evidence, and the vendor-vs-NVD severity split. submitted by /u/TheReedemer69 [link] [comments]