Lucene search

[email protected]CVE-2023-22920

HistoryFeb 21, 2023 - 4:15 p.m.

CVE-2023-22920

2023-02-2116:15:11

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-22920

zyxel

lte3316-m604

firmware

security misconfiguration

remote access

telnet

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.

Affected configurations

NVD

Node

zyxellte3202-m437_firmwareMatch1.00\(abwf.1\)c0

AND

zyxellte3202-m437Match-

Node

zyxellte3316-m604_firmwareMatch2.00\(abmp.6\)c0

AND

zyxellte3316-m604Match-

CPENameOperatorVersion
zyxel:lte3202-m437_firmwarezyxel lte3202-m437 firmwareeq1.00\(abwf.1\)c0

CPE	Name	Operator	Version
zyxel:lte3202-m437_firmware	zyxel lte3202-m437 firmware	eq	1.00\(abwf.1\)c0

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "LTE3316-M604",
    "versions": [
      {
        "version": "V2.00(ABMP.6)C0",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2023-22920

cvelist1 prion1 nvd1