Zyxel Releases Security Update for LTE Indoor Router

Zyxel update addresses a pre-configured password vulnerability

Threat ID:: CC-4219
Threat Severity:: Information only
Published:: 23 November 2022 1:33 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Zyxel update addresses a pre-configured password vulnerability

Affected platforms

The following platforms are known to be affected:

Versions: 1.00 (ABLG.4) C0 and earlier

Zyxel LTE Router

Threat details

Introduction

Zyxel has released a security update for a vulnerability, tracked as CVE-2022-40602, which affects LTE indoor routers. The vulnerability could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.

Remediation advice

Affected organisations are encouraged to review Zyxel's security advisory and apply relevant updates and mitigations.

Definitive source of threat updates

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-configured-password-vulnerability-of-lte3301-m209

CVE Vulnerabilities

Status Published

CVE-2022-40602

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.

Last edited: 23 November 2022 1:33 pm