Zyxel security advisory for security misconfiguration vulnerability of 4G LTE indoor routers

Zyxel_May (Zyxel Employee)

CVE: CVE-2023-22920

Summary

Zyxel has released patches for 4G LTE indoor routers LTE3202-M437 and LTE3316-M604 to address a security misconfiguration vulnerability. Users are advised to install the patch for optimal protection.

What is the vulnerability?

A security misconfiguration vulnerability exists in the previous firmware versions of LTE3202-M437 and LTE3316-M604 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only two vulnerable products that are within the vulnerability support period and released firmware patches to address the issue, as shown in the table below.

| Affected model | Affected version | Patch availability |
| --- | --- | --- |
| LTE3202-M437 | V1.00(ABWF.1)C0 | V1.00(ABWF.2)C0 |
| LTE3316-M604 | V2.00(ABMP.6)C0 | V2.00(ABMP.7)C0 |

If an on-market product is not listed above, it is NOT affected.

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Acknowledgment

Thanks to Geoffroy Martin, Max Nolent, and ANSSI CERT-FR for reporting the issue to us.

Revision history

2023-2-22: Initial release