Zyxel security advisory for pre-configured password vulnerability of LTE3301-M209
CVE: CVE-2022-40602
Summary
Zyxel has released a patch for its LTE indoor router LTE3301-M209 to address a pre-configured password vulnerability. Users are advised to install the patch for optimal protection.
What is the vulnerability?
A flaw in the previous LTE3301-M209 firmware could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
What versions are vulnerable, and what should you do?
After a thorough investigation, we’ve found that the root cause existed in pre-configured code provided by our vendor and affected only one product still within its vulnerability support period. We’ve released a firmware patch to address the issue, as shown in the table below.
Affected model | Affected version | Patch availability
LTE3301-M209 | V1.00(ABLG.4)C0 and earlier |
Please note that the LTE3301-Plus currently on the market is NOT affected because it is built on a different code base.
If an on-market product is not listed above, it is NOT affected.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to RE-Solver for reporting the issue to us.
Revision history
2022-11-22: Initial release.