{"vulnerability": "CVE-2020-28899", "sightings": [{"uuid": "6bbef907-f88b-4b59-a436-74ceb2a6bac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28899", "type": "seen", "source": "https://t.me/cibsecurity/24965", "content": "\u203c CVE-2020-28899 \u203c\n\nThe Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T19:30:02.000000Z"}, {"uuid": "371d7a9d-d1ed-4bd2-ab60-9277d592707d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28899", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3m56dsv7znt2n", "content": "", "creation_timestamp": "2025-11-09T05:11:16.813291Z"}]}