Vulnerabilities > CVE-2023-22920 - Unspecified vulnerability in Zyxel Lte3202-M437 Firmware and Lte3316-M604 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zyxel

critical

NVD

Published: 2023-02-21

Updated: 2024-11-21

Summary

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Lte3202 M437 Firmware 1.00\(Abwf.1\)C0 Zyxel Lte3316 M604 Firmware 2.00\(Abmp.6\)C0	2
Hardware	Zyxel Zyxel Lte3202 M437 - Zyxel Lte3316 M604 -	2

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers