CVE-2023-22920Improper Access Control in Zyxel Lte3316-m604

CWE-284Improper Access Control3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.8%
top 25.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Zyxel Lte3316-m604Zyxel Lte3202-m437 FirmwareZyxel Lte3316-m604 Firmware
Timeline
PublishedFeb 21

Description

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDzyxel/lte3316-m604_firmware2.00\(abmp.6\)c0
CVEListV5zyxel/lte3316-m604V2.00(ABMP.6)C0
NVDzyxel/lte3202-m437_firmware1.00\(abwf.1\)c0

🔴Vulnerability Details

2
GHSA
GHSA-wpqc-593w-375g: A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V22023-02-21
CVEList
CVE-2023-22920: A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V22023-02-21
CVE-2023-22920 — Improper Access Control in Zyxel | cvebase