Zyxel security advisory for security misconfiguration vulnerability of 4G LTE indoor routers
Zyxel has released patches for 4G LTE indoor routers LTE3202-M437 and LTE3316-M604 to address a security misconfiguration vulnerability. Users are advised to install the patch for optimal protection.
What is the vulnerability?
A security misconfiguration vulnerability exists in the previous firmware versions of LTE3202-M437 and LTE3316-M604 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified only two vulnerable products that are within the vulnerability support period and released firmware patches to address the issue, as shown in the table below.
|Affected model||Affected version||Patch availability|
If an on-market product is not listed above, it is NOT affected.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Thanks to Geoffroy Martin, Max Nolent, and ANSSI CERT-FR for reporting the issue to us.
2023-2-22: Initial release