CVE-2019-15801

Published: Nov 14, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.

Affected (9)

Products: Zyxel: Gs1900 8 Firmware, Gs1900 8hp Firmware, Gs1900 10hp Firmware, Gs1900 16 Firmware, Gs1900 24e Firmware, Gs1900 24 Firmware, Gs1900 24hp Firmware, Gs1900 48 Firmware, Gs1900 48hp Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 8 Firmware	Before 2.50\(aahh.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 8	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 8hp Firmware	Before 2.50\(aahi.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 8hp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 10hp Firmware	Before 2.50\(aazi.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 10hp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 16 Firmware	Before 2.50\(aahj.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 16	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24e Firmware	Before 2.50\(aahk.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 24e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24 Firmware	Before 2.50\(aahl.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 24	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24hp Firmware	Before 2.50\(aahm.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 24hp	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 48 Firmware	Before 2.50\(aahn.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 48	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 48hp Firmware	Before 2.50\(aaho.0\)c0

Running on/with	Platform Versions
Zyxel Gs1900 48hp	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

Source: cve@mitre.org

Vendor Advisory

https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.