Zte Router Firmware Update Tool Patched Here

ZTE has released firmware updates to patch SQL injection vulnerabilities found in the SMS functionality of specific 4G router and modem models. Users should apply these patches via the device's web interface or official support channels to prevent unauthorized access to configuration data. For more details, visit WithSecure Labs.

• Disable remote management: In the admin panel, go to Security → Remote Access. Turn it OFF. The exploit requires the update tool to be reachable.
• Change the default update port: Some ZTE models allow you to change the tool’s listening port from 7777 to a random high port (e.g., 49152). This is security by obscurity, but it stops automated scanners.
• Monitor outbound connections: Use firewall logs to watch for unexpected outbound connections on port 7777 or to unknown IP addresses.
• Isolate the router on a VLAN: Put your router on a management VLAN that is not accessible from guest or IoT networks.

• Serial console access or a known working recovery method.
• A full backup of the original flash (bootloader, firmware, calibration data).

5. Bricked Recovery Might Be Impossible

• ZTE does not officially support unbricking after using a patched tool.