Zyxel security advisory for CGI vulnerability of LTE
Zyxel has released LTE router patches addressing a common gateway interface (CGI) vulnerability. Customers are advised to install the applicable firmware updates or contact your Zyxel rep for further details for optimal protection.
What's the vulnerability?
A CGI script vulnerability arising from the lack of an authentication request was identified in some Zyxel LTE routers.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable LTE routers that are within their warranty and support period and released firmware patches to address the issue, as shown in the table below.
Please note that the table does NOT include customized models for internet service providers (ISPs). For ISP customers, please contact your Zyxel representative for further details. For end-users who acquired the listed Zyxel devices by an ISP, we recommend you reach out to the ISP support team directly, as the devices may have custom-built settings.
||Patch available in
||V1.00(ABDO.6)C0 in March 2021
||V1.00(ABFR.5)C0 in March 2021
||V1.00(ABBC.12)C0 in March 2021
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact firstname.lastname@example.org and we’ll get right back to you.
Thanks to Vincent ERUDEL for reporting the issue to us.
2021-3-8: Initial release
2021-3-23: Updated the patch firmware version of WAH7706