PT-2022-6022 · Zyxel · Zyxel LTE3301-M209

Published: 2022-11-21 · Updated: 2022-12-26 · CVE-2022-40602

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zyxel LTE3301-M209, versions prior to V1.00(ABLG.6)C0

Description: A flaw in the Zyxel LTE3301-M209 firmware could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. The issue stems from errors in the authentication procedure and gives a remote attacker full access to the device. The root cause is a hardcoded engineering password in code developed by a third-party supplier.

Recommendations: For Zyxel LTE3301-M209 versions prior to V1.00(ABLG.6)C0, update the firmware to the latest version to resolve the issue. As a temporary workaround, disable the remote administration feature until the patch is applied, and restrict access to the device to minimize the risk of exploitation. Do not operate the device with the remote administration feature enabled until the issue is resolved.
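To turn the affected-version statement and the workaround above into an inventory check, here is an added Python example that is not part of this advisory or of any Zyxel tooling: it parses Zyxel's V1.00(ABLG.6)C0 version format and flags LTE3301-M209 units running older firmware, separating those that also have remote administration enabled. The sample inventory and device names are constructed, and the ordering rule for version fields (major, minor, build, then the C number, only within the same branch code) is an assumption.

```python
import re
FIXED_VERSION = "V1.00(ABLG.6)C0"   # first fixed firmware named in the advisory
AFFECTED_MODEL = "LTE3301-M209"
# Zyxel firmware strings look like V<major>.<minor>(<branch>.<build>)C<patch>.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")

def parse_zyxel_version(version):
    """Return (major, minor, branch, build, patch) for 'V1.00(ABLG.6)C0', else None."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, branch, build, patch = m.groups()
    return int(major), int(minor), branch, int(build), int(patch)

def is_affected(model, version):
    """True if an LTE3301-M209 runs firmware older than FIXED_VERSION; None when the
    string cannot be parsed or ordered against the fix. Assumption: within branch code
    ABLG releases order by major, minor, build, then C number; other codes are not comparable."""
    if model.strip().upper() != AFFECTED_MODEL:
        return False
    dev, fix = parse_zyxel_version(version), parse_zyxel_version(FIXED_VERSION)
    if dev is None or dev[2] != fix[2]:
        return None
    order = lambda p: (p[0], p[1], p[3], p[4])   # major, minor, build, patch
    return order(dev) < order(fix)

def assess(inventory):
    """Map device name -> exposed | patch_required | not_affected | review.
    'exposed' = vulnerable firmware with remote administration enabled, the
    condition under which the advisory says the flaw is reachable remotely."""
    result = {}
    for d in inventory:
        affected = is_affected(d["model"], d["firmware"])
        if affected is None:
            status = "review"          # unparsable or unknown branch code: check by hand
        elif not affected:
            status = "not_affected"
        else:
            status = "exposed" if d["remote_admin"] else "patch_required"
        result[d["name"]] = status
    return result

# Constructed sample inventory (hypothetical devices, not real hosts).
SAMPLE_INVENTORY = [
    {"name": "cpe-01", "model": "LTE3301-M209", "firmware": "V1.00(ABLG.5)C0", "remote_admin": True},
    {"name": "cpe-02", "model": "LTE3301-M209", "firmware": "V1.00(ABLG.5)C0", "remote_admin": False},
    {"name": "cpe-03", "model": "LTE3301-M209", "firmware": "V1.00(ABLG.6)C0", "remote_admin": True},
    {"name": "cpe-04", "model": "LTE3301-M209", "firmware": "V1.00(ABXY.2)C0", "remote_admin": True},
]
```

Devices reported as "exposed" match the advisory's precondition and should have remote administration disabled first, then be updated; "patch_required" devices still need the firmware update.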

Fix

Weakness Enumeration
Improper Authentication
Using Hardcoded Credentials

Related Identifiers
BDU:2022-07473
CVE-2022-40602

Affected Products
Zyxel LTE3301-M209