1 results (0.001 seconds)
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28899
https://notcve.org/view.php?id=CVE-2020-28899
16 Mar 2021 — The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network. El Script Web CGI en dispositivos ZyXEL LTE4506-M606 versión V1.00 (ABDO.2)C0, no requiere autenticación, lo que permite a ... • https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml • CWE-306: Missing Authentication for Critical Function •