Zyxel security advisory for P1302-T10D v3 modem insecure direct object reference vulnerability

CVE-2019-15815


Summary

Zyxel has found that its P1302-T10D v3 ADSL Modem/Router is susceptible to an insecure direct object reference vulnerability. After a thorough investigation, we determined the P1302-T10D is the only vulnerable model. Sales of the P1302-T10D are limited to the Turkish market. Users are urged to upgrade immediately to the latest available firmware for optimal protection.


What is the vulnerability?

An insecure direct object reference vulnerability was identified in Zyxel’s P1302-T10D v3 with firmware version 2.00(ABBX.3) and earlier. The vulnerability could allow an unauthorized user to access certain pages that require admin privileges.


What should you do?

We’ve released firmware version 2.00(ABBX.4)D0, which addresses the vulnerability and can be downloaded from:
https://webstore.zyxel.eu/index.php/s/KJ36dSmBeaDnYio
We urge users to install it immediately.
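
For operators who manage several of these devices, the following added example (not part of Zyxel's advisory and not Zyxel code) checks an inventory of firmware strings against the versions quoted above. It assumes the string layout `[V]<major>.<minor>(<code>.<patch>)[suffix]`, that the `ABBX` code identifies this model's firmware line, and that releases are ordered by patch number; the function names and the sample inventory are constructed for illustration.

```python
import re

# Values taken from the advisory text.
FIRMWARE_CODE = "ABBX"        # code inside the parentheses of both quoted versions
LAST_VULNERABLE = (2, 0, 3)   # 2.00(ABBX.3) "and earlier"

# Assumed layout: [V]<major>.<minor>(<code>.<patch>)[suffix], e.g. 2.00(ABBX.4)D0
_VERSION_RE = re.compile(
    r"^\s*V?(\d+)\.(\d+)\(([A-Z0-9]+)\.(\d+)\)([A-Z]\d+)?\s*$", re.IGNORECASE
)

def parse_firmware(text):
    """Return (code, (major, minor, patch)), or None if the string does not parse."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, code, patch, _suffix = m.groups()
    return code.upper(), (int(major), int(minor), int(patch))

def classify(text):
    """Return 'vulnerable', 'patched', 'other-model' or 'unparsed' for one string."""
    parsed = parse_firmware(text)
    if parsed is None:
        return "unparsed"      # never guess: route these to manual review
    code, version = parsed
    if code != FIRMWARE_CODE:
        return "other-model"   # assumption: a different code means a different model
    # Assumption: every release after 2.00(ABBX.3) carries the fix.
    return "vulnerable" if version <= LAST_VULNERABLE else "patched"

def audit(inventory):
    """Map host -> status; inventory is a dict of host -> firmware string."""
    return {host: classify(fw) for host, fw in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory: host names and the AAXX string are made up.
    sample = {
        "cpe-01": "2.00(ABBX.3)",
        "cpe-02": "V2.00(ABBX.4)D0",
        "cpe-03": "1.00(AAXX.2)C0",
        "cpe-04": "n/a",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```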


Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it. Contact security@zyxel.com.tw and we’ll get right back to you.


Acknowledgment

Thanks to USOM-TRCERT for reporting this vulnerability to us.
www.usom.gov.tr


Revision history

Initial release 2019-10-16