Zyxel security advisory for CGI vulnerability of LTE

Carter
Carter Posts: 29  Admin
edited March 23 in Security Advisories

Zyxel security advisory for CGI vulnerability of LTE


CVE: CVE-2020-28899


Summary

Zyxel has released LTE router patches addressing a common gateway interface (CGI) vulnerability. Users are advised to install the applicable firmware updates for optimal protection.


What is the vulnerability?

A CGI script vulnerability arising from the lack of an authentication request was identified in some Zyxel LTE routers.


What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable LTE routers that are within their warranty and support period and released firmware patches to address the issue, as shown in the table below.

Please note that the table does NOT include customized models for internet service providers (ISPs). For ISP customers, please contact your Zyxel representative for further details. For users who purchased the listed devices on their own, please download the new firmware from following links:

Affected model Patch availability
LTE4506-M606 V1.00(ABDO.6)C0
LTE7460-M608 V1.00(ABFR.5)C0
WAH7706 V1.00(ABBC.12)C0


Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact [email protected] and we’ll get right back to you.


Acknowledgment

Thanks to Vincent ERUDEL for reporting the issue to us.


Revision history

2021-3-5: Initial release

2021-3-23: Updated the patch firmware version of WAH7706


Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!