Main Vulnerability Database SB2022112211

SB2022112211 - Improper access control in Zyxel LTE3301-M209

Published: November 22, 2022

Security Bulletin ID SB2022112211

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2022-40602)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to a pre-configured password issue. A remote attacker can use an improper pre-configured password and access the target device

Remediation

Install update from vendor's website.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-configured-password-vulnerability-of-lte3301-m209