In the ZYXEL LTE3301-M209 devices, combining the functions of a wireless router and a 4G modem, identified safety problem (CVE-2022-40602), associated with the possibility of accessing access with a pre-well-known password present in the firmware. The problem allows the remote attacking to obtain the administrator’s rights on the device if the remote administration function is included in the settings. The appearance of vulnerability is explained by the use of an engineering password in a code, which was developed by a third -party supplier.
Problem Fixed in the update of the firmware 1.00 (ABLG.6) C0. Vulnerability is manifested only in the ZYXEL LTE3301-M209 model, a similar LTE3301-PLUS model is not subject to the problem.
/Media reports cited above.