Unrated severityNVD Advisory· Published Mar 16, 2021· Updated Aug 4, 2024
CVE-2020-28899
CVE-2020-28899
Description
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.
Affected products
2- ZyXEL/LTE4506-M606description
- Range: = V1.00(ABDO.2)C0
Patches
Vulnerability mechanics
References
1- www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.