CVE-2020-28899 - OpenCVE

The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Lte4506-m606 Lte4506-m606 Firmware Lte7460-m608 Lte7460-m608 Firmware Wah7706 Wah7706 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:lte4506-m606_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte4506-m606:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zyxel:lte7460-m608_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7460-m608:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zyxel:wah7706_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wah7706:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-16T16:17:06

Updated: 2024-08-04T16:41:00.245Z

Reserved: 2020-11-17T00:00:00

Link: CVE-2020-28899

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-16T17:15:13.307

Modified: 2021-03-22T20:29:19.177

Link: CVE-2020-28899

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-16T16:17:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28899", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:41:00.245Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28899", "datePublished": "2021-03-16T16:17:06", "dateReserved": "2020-11-17T00:00:00", "dateUpdated": "2024-08-04T16:41:00.245Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:lte4506-m606_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06925B86-1A1F-4DDE-9CDC-2EAFA1806A4E", "versionEndExcluding": "v1.00\\(abdo.6\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:lte4506-m606:-:*:*:*:*:*:*:*", "matchCriteriaId": "3002D5F6-5806-4372-A0F3-A77A038064F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:lte7460-m608_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAA6DD62-E5EF-48C6-8A9E-8C63F23EE54E", "versionEndExcluding": "v1.00\\(abfr.5\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:lte7460-m608:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D766BB8-C4C8-420B-8725-23452582A417", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wah7706_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF68DC74-D23C-47FC-A59D-EDFB0C3AA356", "versionEndExcluding": "v1.00\\(abbc.11\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wah7706:-:*:*:*:*:*:*:*", "matchCriteriaId": "35EA9FA6-0602-4CB8-87BB-2B9BABE90786", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network."}, {"lang": "es", "value": "El Script Web CGI en dispositivos ZyXEL LTE4506-M606 versi\u00f3n V1.00 (ABDO.2)C0, no requiere autenticaci\u00f3n, lo que permite a atacantes remotos no autenticados (por medio de datos de acci\u00f3n JSON dise\u00f1ados para el archivo /cgi-bin/gui.cgi) usar todas las funciones proporcionadas por el enrutador. Ejemplos: cambiar la contrase\u00f1a del enrutador, recuperar la contrase\u00f1a de Wi-Fi, enviar un mensaje SMS o modificar el reenv\u00edo de IP para acceder a la red interna"}], "id": "CVE-2020-28899", "lastModified": "2021-03-22T20:29:19.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-16T17:15:13.307", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-CGI-vulnerability-of-LTE.shtml"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}