Zte Router Firmware Update Tool Patched
ZTE has responded swiftly by releasing an updated version of the firmware tool.
Affected Products (Examples):
The Fix: The patch introduces strict verification checks during the update process. It ensures that:
Open a browser and navigate to 192.168.1.1 or 192.168.0.1 (common for ZTE). Log in as admin. zte router firmware update tool patched
Additionally, the patched version includes a new log entry: [SEC] Firmware signature check enforced.
Pro tip: If your firmware update page still shows "Last check: HTTP" or lacks any mention of encryption, your version is not patched.
#CyberSecurity #ZTE #RouterSecurity #FirmwareUpdate #Vulnerability #PatchTuesday #Infosec #NetworkSecurity ZTE has responded swiftly by releasing an updated
ZTE has released firmware updates to patch SQL injection vulnerabilities found in the SMS functionality of specific 4G router and modem models. Users should apply these patches via the device's web interface or official support channels to prevent unauthorized access to configuration data. For more details, visit WithSecure Labs.
SQL Injection in ZTE 4G routers and modems - WithSecure™ Labs
While ZTE has not released a complete public list, the issue is known to impact routers running firmware versions that rely on the vulnerable update client, including certain ZXHN and MF series models. Users are urged to check their device’s support page using their specific model number. The Fix: The patch introduces strict verification checks
The affected component is the web-based firmware update utility embedded in ZTE routers, typically accessible at /cgi-bin/firmware_upgrade.cgi or similar endpoints. Researchers identified that before the patch, the tool:
These flaws could be chained to upload a malicious firmware image, leading to full device compromise, botnet recruitment, or persistent backdoor installation.
If your ISP has not automatically updated your device, you must take matters into your own hands. Here is the safe, official way to patch your tool.