CVE-2020-28899

 

  • Severity Score (CVSS v3.1): 9.1
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-11-17 CVE Reserved
  • 2021-03-16 CVE Published
  • 2024-03-19 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor     Product                  Version                  Other   Status
Zyxel      Lte4506-m606 Firmware    < v1.00\(abdo.6\)c0      -       Affected
in Zyxel   Lte4506-m606             -                        -       Safe
Zyxel      Lte7460-m608 Firmware    < v1.00\(abfr.5\)c0      -       Affected
in Zyxel   Lte7460-m608             -                        -       Safe
Zyxel      Wah7706 Firmware         < v1.00\(abbc.11\)c0     -       Affected
in Zyxel   Wah7706                  -                        -       Safe