CVE-2020-28899

Published: Mar 16, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28899

Description

Affected Products

References