Vulnerabilites related to zyxel - gs1900-48hp
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | gs1900-8_firmware | * | |
| zyxel | gs1900-8 | - | |
| zyxel | gs1900-8hp_firmware | * | |
| zyxel | gs1900-8hp | - | |
| zyxel | gs1900-10hp_firmware | * | |
| zyxel | gs1900-10hp | - | |
| zyxel | gs1900-16_firmware | * | |
| zyxel | gs1900-16 | - | |
| zyxel | gs1900-24e_firmware | * | |
| zyxel | gs1900-24e | - | |
| zyxel | gs1900-24_firmware | * | |
| zyxel | gs1900-24 | - | |
| zyxel | gs1900-24hp_firmware | * | |
| zyxel | gs1900-24hp | - | |
| zyxel | gs1900-48_firmware | * | |
| zyxel | gs1900-48 | - | |
| zyxel | gs1900-48hp_firmware | * | |
| zyxel | gs1900-48hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a 2.50(AAHH.0)C0. Mediante el envi\u00f3 de una se\u00f1al al proceso de la CLI, una funcionalidad no documentada es activada. Espec\u00edficamente, se puede activar un men\u00fa mediante el env\u00edo de la se\u00f1al SIGQUIT a la aplicaci\u00f3n de la CLI (por ejemplo, por medio de CTRL+\\ v\u00eda SSH). La comprobaci\u00f3n del control de acceso para este men\u00fa opera y proh\u00edbe acceder al men\u00fa, que contiene las opciones de \"Password recovery for specific user\". Se cree que es posible acceder al men\u00fa usando una consola en serie."
}
],
"id": "CVE-2019-15804",
"lastModified": "2024-11-21T04:29:30.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T21:15:11.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-26 12:15
Modified
2024-11-21 06:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD447145-9B13-4B3E-B35E-65AB4A576B8D",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06D9347D-F0F3-4E9B-8EF6-AA2A723A55E6",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A54B9C24-6492-463F-8768-BF1E092D9077",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B2385-9DDF-4E5E-9CFE-12B0304568BF",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "674594F8-B90F-4D8E-82E4-9DE721BC52E5",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F69D2726-44BB-4AFB-9447-2220675020AE",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC29ADFF-27E6-4CFA-8C5F-32542AC36052",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4567A0DB-6E8E-4714-B573-8FEA4A571738",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DCDB75-4D17-4A05-AF5A-4ADA54A54142",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD68BF23-59DC-4449-9B53-ACBCC6F4A871",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4D35C7-255C-4842-8D75-22CAC3E14C6C",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39C45C13-DD78-4486-833A-773A5F0A77A8",
"versionEndExcluding": "2.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en el programa CGI de Zyxel GS1900-8 versi\u00f3n del firmware V2.60, que no esterilizaba apropiadamente el contenido de los paquetes y pod\u00eda permitir a un usuario local autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) por medio de un paquete LLDP dise\u00f1ado"
}
],
"id": "CVE-2021-35030",
"lastModified": "2024-11-21T06:11:42.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-26T12:15:08.817",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-28 11:15
Modified
2024-11-21 06:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8E2361-4094-4EF4-ABD1-2AA7F6306F17",
"versionEndExcluding": "2.70\\(aahh.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B977BC02-1C92-4A11-B63B-08D521257313",
"versionEndExcluding": "2.70\\(aahi.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0426305E-B895-4F3F-BBFD-B67532B23D45",
"versionEndExcluding": "2.70\\(aazi.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC06507-70AD-4518-A206-51DCF3A372EC",
"versionEndExcluding": "2.70\\(aahj.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FA189B-1FCD-4A54-8867-8F640EA6E23D",
"versionEndExcluding": "2.70\\(aahk.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6A17B4-4E5A-4B59-8D4E-34D3D4E474FD",
"versionEndExcluding": "2.70\\(abto.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCE590C-002A-4DAA-84AB-23B976F0F510",
"versionEndExcluding": "2.70\\(aahl.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A54568EB-94F3-4817-BD25-C5F52ED1B9AB",
"versionEndExcluding": "2.70\\(aahm.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A11824-D68D-41F0-BA0B-69C6CEEC5948",
"versionEndExcluding": "2.70\\(aatp.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBB3AFE-A826-43DC-A18F-FFD68E08E23E",
"versionEndExcluding": "2.70\\(aahn.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7B8A54-65D5-41E6-89BF-0B4DF6D30125",
"versionEndExcluding": "2.70\\(aaho.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAE5234-410D-436F-86CD-744F3127AEAF",
"versionEndExcluding": "2.70\\(abtq.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs1210-12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB20E61-9B6E-4AD4-B365-98ED5546F7EF",
"versionEndExcluding": "1.00\\(abty.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs1210-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79ECDFC6-ABE3-43A1-BE57-4EC8C7F2896E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs1250-12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "678F3EF1-23DA-4252-A284-F639CFC5CB8A",
"versionEndExcluding": "1.00\\(abwe.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs1250-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAEB6C1-5F51-4AAC-B8D3-5F06F139639E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el cliente TFTP del firmware de la serie Zyxel GS1900 versi\u00f3n 2.60, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del SO"
}
],
"id": "CVE-2021-35031",
"lastModified": "2024-11-21T06:11:42.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-28T11:15:07.463",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-28 11:15
Modified
2024-11-21 06:11
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8E2361-4094-4EF4-ABD1-2AA7F6306F17",
"versionEndExcluding": "2.70\\(aahh.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B977BC02-1C92-4A11-B63B-08D521257313",
"versionEndExcluding": "2.70\\(aahi.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0426305E-B895-4F3F-BBFD-B67532B23D45",
"versionEndExcluding": "2.70\\(aazi.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC06507-70AD-4518-A206-51DCF3A372EC",
"versionEndExcluding": "2.70\\(aahj.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FA189B-1FCD-4A54-8867-8F640EA6E23D",
"versionEndExcluding": "2.70\\(aahk.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6A17B4-4E5A-4B59-8D4E-34D3D4E474FD",
"versionEndExcluding": "2.70\\(abto.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCE590C-002A-4DAA-84AB-23B976F0F510",
"versionEndExcluding": "2.70\\(aahl.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A54568EB-94F3-4817-BD25-C5F52ED1B9AB",
"versionEndExcluding": "2.70\\(aahm.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A11824-D68D-41F0-BA0B-69C6CEEC5948",
"versionEndExcluding": "2.70\\(aatp.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBB3AFE-A826-43DC-A18F-FFD68E08E23E",
"versionEndExcluding": "2.70\\(aahn.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7B8A54-65D5-41E6-89BF-0B4DF6D30125",
"versionEndExcluding": "2.70\\(aaho.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAE5234-410D-436F-86CD-744F3127AEAF",
"versionEndExcluding": "2.70\\(abtq.0\\)-20211208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el archivo \"libsal.so\" del firmware de la serie Zyxel GS1900 versi\u00f3n 2.60, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del sistema operativo por medio de una llamada de funci\u00f3n dise\u00f1ada"
}
],
"id": "CVE-2021-35032",
"lastModified": "2024-11-21T06:11:42.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-28T11:15:07.583",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | gs1900-8_firmware | * | |
| zyxel | gs1900-8 | - | |
| zyxel | gs1900-8hp_firmware | * | |
| zyxel | gs1900-8hp | - | |
| zyxel | gs1900-10hp_firmware | * | |
| zyxel | gs1900-10hp | - | |
| zyxel | gs1900-16_firmware | * | |
| zyxel | gs1900-16 | - | |
| zyxel | gs1900-24e_firmware | * | |
| zyxel | gs1900-24e | - | |
| zyxel | gs1900-24_firmware | * | |
| zyxel | gs1900-24 | - | |
| zyxel | gs1900-24hp_firmware | * | |
| zyxel | gs1900-24hp | - | |
| zyxel | gs1900-48_firmware | * | |
| zyxel | gs1900-48 | - | |
| zyxel | gs1900-48hp_firmware | * | |
| zyxel | gs1900-48hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a 2.50 (AAHH.0) C0. Debido a la falta de validaci\u00f3n de entrada en las funciones cmd_sys_traceroute_exec (), cmd_sys_arp_clear () y cmd_sys_ping_exec () en la biblioteca libclicmd.so contenida en el firmware, un atacante podr\u00eda aprovechar estas funciones para llamar al sistema () y ejecutar comandos arbitrarios en los conmutadores . (Tenga en cuenta que estas funciones no se invocan actualmente en esta versi\u00f3n del firmware, sin embargo, un atacante podr\u00eda usar otras vulnerabilidades para finalmente usar estas vulnerabilidades para obtener la ejecuci\u00f3n del c\u00f3digo)."
}
],
"id": "CVE-2019-15800",
"lastModified": "2024-11-21T04:29:29.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T21:15:11.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://vimeo.com/354726424 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vimeo.com/354726424 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | gs1900-8_firmware | * | |
| zyxel | gs1900-8 | - | |
| zyxel | gs1900-8hp_firmware | * | |
| zyxel | gs1900-8hp | - | |
| zyxel | gs1900-10hp_firmware | * | |
| zyxel | gs1900-10hp | - | |
| zyxel | gs1900-16_firmware | * | |
| zyxel | gs1900-16 | - | |
| zyxel | gs1900-24e_firmware | * | |
| zyxel | gs1900-24e | - | |
| zyxel | gs1900-24_firmware | * | |
| zyxel | gs1900-24 | - | |
| zyxel | gs1900-24hp_firmware | * | |
| zyxel | gs1900-24hp | - | |
| zyxel | gs1900-48_firmware | * | |
| zyxel | gs1900-48 | - | |
| zyxel | gs1900-48hp_firmware | * | |
| zyxel | gs1900-48hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. Las cuentas de usuario creadas a trav\u00e9s de la interfaz web del dispositivo, cuando se les otorgan privilegios de nivel no administrativo, tienen el mismo nivel de acceso privilegiado que los administradores cuando se conectan al dispositivo a trav\u00e9s de SSH (mientras que sus permisos a trav\u00e9s de la interfaz web est\u00e1n de hecho restringidos). Esto permite a los usuarios normales obtener la contrase\u00f1a administrativa ejecutando el comando de soporte t\u00e9cnico a trav\u00e9s de la CLI: contiene las contrase\u00f1as cifradas para todos los usuarios en el dispositivo. Como estas contrase\u00f1as se cifran con par\u00e1metros conocidos y est\u00e1ticos, se pueden descifrar y se pueden obtener las contrase\u00f1as originales (incluida la contrase\u00f1a del administrador)."
}
],
"id": "CVE-2019-15799",
"lastModified": "2024-11-21T04:29:29.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T21:15:11.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://vimeo.com/354726424"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://vimeo.com/354726424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | gs1900-8_firmware | * | |
| zyxel | gs1900-8 | - | |
| zyxel | gs1900-8hp_firmware | * | |
| zyxel | gs1900-8hp | - | |
| zyxel | gs1900-10hp_firmware | * | |
| zyxel | gs1900-10hp | - | |
| zyxel | gs1900-16_firmware | * | |
| zyxel | gs1900-16 | - | |
| zyxel | gs1900-24e_firmware | * | |
| zyxel | gs1900-24e | - | |
| zyxel | gs1900-24_firmware | * | |
| zyxel | gs1900-24 | - | |
| zyxel | gs1900-24hp_firmware | * | |
| zyxel | gs1900-24hp | - | |
| zyxel | gs1900-48_firmware | * | |
| zyxel | gs1900-48 | - | |
| zyxel | gs1900-48hp_firmware | * | |
| zyxel | gs1900-48hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. La imagen del firmware contiene contrase\u00f1as cifradas que se utilizan para autenticar a los usuarios que desean acceder a un men\u00fa de diagn\u00f3stico o recuperaci\u00f3n de contrase\u00f1a. Usando la clave criptogr\u00e1fica codificada que se encuentra en otra parte del firmware, estas contrase\u00f1as se pueden descifrar. Esto est\u00e1 relacionado con fds_sys_passDebugPasswd_ret () y fds_sys_passRecoveryPasswd_ret () en libfds.so.0.0."
}
],
"id": "CVE-2019-15801",
"lastModified": "2024-11-21T04:29:29.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T21:15:11.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | gs1900-8_firmware | * | |
| zyxel | gs1900-8 | - | |
| zyxel | gs1900-8hp_firmware | * | |
| zyxel | gs1900-8hp | - | |
| zyxel | gs1900-10hp_firmware | * | |
| zyxel | gs1900-10hp | - | |
| zyxel | gs1900-16_firmware | * | |
| zyxel | gs1900-16 | - | |
| zyxel | gs1900-24e_firmware | * | |
| zyxel | gs1900-24e | - | |
| zyxel | gs1900-24_firmware | * | |
| zyxel | gs1900-24 | - | |
| zyxel | gs1900-24hp_firmware | * | |
| zyxel | gs1900-24hp | - | |
| zyxel | gs1900-48_firmware | * | |
| zyxel | gs1900-48 | - | |
| zyxel | gs1900-48hp_firmware | * | |
| zyxel | gs1900-48hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. El firmware codifica y cifra las contrase\u00f1as con una clave criptogr\u00e1fica codificada en sal_util_str_encrypt () en libsal.so.0.0. Los par\u00e1metros (sal, IV y datos clave) se utilizan para cifrar y descifrar todas las contrase\u00f1as utilizando AES256 en modo CBC. Con los par\u00e1metros conocidos, se pueden descifrar todas las contrase\u00f1as previamente encriptadas. Esto incluye las contrase\u00f1as que forman parte de las copias de seguridad de la configuraci\u00f3n o que est\u00e1n integradas como parte del firmware."
}
],
"id": "CVE-2019-15802",
"lastModified": "2024-11-21T04:29:29.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T21:15:11.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | gs1900-8_firmware | * | |
| zyxel | gs1900-8 | - | |
| zyxel | gs1900-8hp_firmware | * | |
| zyxel | gs1900-8hp | - | |
| zyxel | gs1900-10hp_firmware | * | |
| zyxel | gs1900-10hp | - | |
| zyxel | gs1900-16_firmware | * | |
| zyxel | gs1900-16 | - | |
| zyxel | gs1900-24e_firmware | * | |
| zyxel | gs1900-24e | - | |
| zyxel | gs1900-24_firmware | * | |
| zyxel | gs1900-24 | - | |
| zyxel | gs1900-24hp_firmware | * | |
| zyxel | gs1900-24hp | - | |
| zyxel | gs1900-48_firmware | * | |
| zyxel | gs1900-48 | - | |
| zyxel | gs1900-48hp_firmware | * | |
| zyxel | gs1900-48hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. A trav\u00e9s de una secuencia indocumentada de pulsaciones de teclas, se activa la funcionalidad no documentada. Se activa un shell de diagn\u00f3stico a trav\u00e9s de CTRL-ALT-t, que solicita la contrase\u00f1a devuelta por fds_sys_passDebugPasswd_ret (). El firmware contiene comprobaciones de control de acceso que determinan si los usuarios remotos pueden acceder a esta funcionalidad. La funci\u00f3n que realiza esta comprobaci\u00f3n (fds_sys_remoteDebugEnable_ret en libfds.so) siempre devuelve VERDADERO sin realizar comprobaciones reales. El men\u00fa de diagn\u00f3stico permite leer / escribir registros arbitrarios y varios otros par\u00e1metros de configuraci\u00f3n que se cree que est\u00e1n relacionados con los chips de la interfaz de red."
}
],
"id": "CVE-2019-15803",
"lastModified": "2024-11-21T04:29:29.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T21:15:11.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-15801
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T20:16:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
"refsource": "MISC",
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15801",
"datePublished": "2019-11-14T20:16:08",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15802
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T20:16:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
"refsource": "MISC",
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15802",
"datePublished": "2019-11-14T20:16:03",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15804
Vulnerability from cvelistv5
Published
2019-11-14 20:15
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T20:15:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
"refsource": "MISC",
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15804",
"datePublished": "2019-11-14T20:15:46",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35032
Vulnerability from cvelistv5
Published
2021-12-28 10:42
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | GS1900 series firmware |
Version: 2.60 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:49.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GS1900 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "2.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-28T10:42:07",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GS1900 series firmware",
"version": {
"version_data": [
{
"version_value": "2.60"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.4",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2021-35032",
"datePublished": "2021-12-28T10:42:07",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:33:49.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15800
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T20:16:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
"refsource": "MISC",
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15800",
"datePublished": "2019-11-14T20:16:20",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35031
Vulnerability from cvelistv5
Published
2021-12-28 10:36
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | GS1900 series firmware |
Version: 2.60 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:49.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GS1900 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "2.60"
}
]
},
{
"product": "XGS1210 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "1.00(ABTY.4)C0"
}
]
},
{
"product": "XGS1250 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "1.00(ABWE.0)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-28T16:05:43",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GS1900 series firmware",
"version": {
"version_data": [
{
"version_value": "2.60"
}
]
}
},
{
"product_name": "XGS1210 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABTY.4)C0"
}
]
}
},
{
"product_name": "XGS1250 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABWE.0)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2021-35031",
"datePublished": "2021-12-28T10:36:23",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:33:49.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35030
Vulnerability from cvelistv5
Published
2021-07-26 11:20
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | GS1900-8 Firmware |
Version: 2.60 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:49.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GS1900-8 Firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "2.60"
}
]
}
],
"datePublic": "2021-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-26T11:20:40",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"DATE_PUBLIC": "2021-07-27 10:00:00+0800",
"ID": "CVE-2021-35030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GS1900-8 Firmware",
"version": {
"version_data": [
{
"version_value": "2.60"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml",
"refsource": "MISC",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2021-35030",
"datePublished": "2021-07-26T11:20:40.191209Z",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-09-17T01:46:12.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15799
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
| https://vimeo.com/354726424 | x_refsource_MISC | |
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vimeo.com/354726424"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T20:16:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vimeo.com/354726424"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
"refsource": "MISC",
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"name": "https://vimeo.com/354726424",
"refsource": "MISC",
"url": "https://vimeo.com/354726424"
},
{
"name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15799",
"datePublished": "2019-11-14T20:16:33",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15803
Vulnerability from cvelistv5
Published
2019-11-14 20:15
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T20:15:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
"refsource": "MISC",
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15803",
"datePublished": "2019-11-14T20:15:56",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201911-1311
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-16",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"cve": "CVE-2019-15799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15799",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41667",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15799",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15799",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41667",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-991",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNVD",
"id": "CNVD-2019-41667"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15799",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41667",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"id": "VAR-201911-1311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
}
]
},
"last_update_date": "2023-12-18T14:00:42.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerabilities in ZyXEL GS1900",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191511"
},
{
"title": "ZyXEL GS1900 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102961"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15799"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://vimeo.com/354726424"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15799"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"date": "2019-11-14T21:15:11.623000",
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"date": "2019-11-21T18:15:55.813000",
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"date": "2019-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to privilege management in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
],
"trust": 0.6
}
}
var-201911-1315
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"cve": "CVE-2019-15803",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15803",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41669",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15803",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15803",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-41669",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-995",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15803",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41669",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"id": "VAR-201911-1315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
]
},
"last_update_date": "2023-12-18T11:59:12.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41669)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191507"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103377"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15803"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15803"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"date": "2019-11-14T21:15:11.890000",
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to input validation in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
],
"trust": 0.6
}
}
var-201911-1316
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. Zyxel GS1900 An input validation vulnerability exists in the device firmware.Information may be altered. ZyXEL GS1900 is a managed switch of ZyXEL Corporation in Taiwan.
There is a security vulnerability in Zyxel GS1900 using firmware versions prior to 2.50 (AAHH.0) C0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"cve": "CVE-2019-15804",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15804",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28447",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15804",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15804",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-28447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-996",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console. Zyxel GS1900 An input validation vulnerability exists in the device firmware.Information may be altered. ZyXEL GS1900 is a managed switch of ZyXEL Corporation in Taiwan. \n\r\n\r\nThere is a security vulnerability in Zyxel GS1900 using firmware versions prior to 2.50 (AAHH.0) C0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNVD",
"id": "CNVD-2020-28447"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15804",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28447",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"id": "VAR-201911-1316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
}
]
},
"last_update_date": "2023-12-18T13:07:48.917000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for ZyXEL GS1900 input verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/217693"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15804"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15804"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"date": "2019-11-14T21:15:11.953000",
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Input validation vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
],
"trust": 0.6
}
}
var-201911-1312
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.). Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security vulnerability exists in Zyxel GS1900 using firmware version 2.50 (AAHH.0) prior to C0, which is due to missing input in the 'cmd_sys_traceroute_exec()', 'cmd_sys_arp_clear()', and 'cmd_sys_ping_exec()' functions in the libclicmd.so library Verification check. An attacker could exploit this vulnerability to execute arbitrary code on the switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"cve": "CVE-2019-15800",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15800",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41672",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15800",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15800",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-41672",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-992",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.). Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security vulnerability exists in Zyxel GS1900 using firmware version 2.50 (AAHH.0) prior to C0, which is due to missing input in the \u0027cmd_sys_traceroute_exec()\u0027, \u0027cmd_sys_arp_clear()\u0027, and \u0027cmd_sys_ping_exec()\u0027 functions in the libclicmd.so library Verification check. An attacker could exploit this vulnerability to execute arbitrary code on the switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNVD",
"id": "CNVD-2019-41672"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15800",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41672",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"id": "VAR-201911-1312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
}
]
},
"last_update_date": "2023-12-18T12:43:13.895000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41672)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191499"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15800"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15800"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"date": "2019-11-14T21:15:11.687000",
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to input validation in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
],
"trust": 0.6
}
}
var-201911-1313
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. Zyxel GS1900 The device firmware contains an information disclosure vulnerability from the cache.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-16",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"cve": "CVE-2019-15801",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15801",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15801",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15801",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41671",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-993",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-15801",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. Zyxel GS1900 The device firmware contains an information disclosure vulnerability from the cache.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15801",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41671",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15801",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"id": "VAR-201911-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
}
]
},
"last_update_date": "2023-12-18T12:49:58.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for ZyXEL GS1900 uses hardcoded password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191497"
},
{
"title": "ZyXEL GS1900 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102963"
},
{
"title": "CVE-2019-15802",
"trust": 0.1,
"url": "https://github.com/jasperla/cve-2019-15802 "
},
{
"title": "realtek_turnkey_decrypter",
"trust": 0.1,
"url": "https://github.com/jasperla/realtek_turnkey_decrypter "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15801"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 1.7,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15801"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jasperla/cve-2019-15802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"date": "2019-11-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"date": "2019-11-14T21:15:11.750000",
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"date": "2019-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Device firmware vulnerable to information disclosure from cache",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
],
"trust": 0.6
}
}
var-202112-2079
Vulnerability from variot
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan.
An access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product's TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahn.0\\)-20211208"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aaho.0\\)-20211208"
},
{
"model": "gs1900-48hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abtq.0\\)-20211208"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahk.0\\)-20211208"
},
{
"model": "gs1900-24ep",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abto.0\\)-20211208"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aazi.0\\)-20211208"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahh.0\\)-20211208"
},
{
"model": "xgs1210-12",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "1.00\\(abty.5\\)c0"
},
{
"model": "xgs1250-12",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "1.00\\(abwe.1\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahm.0\\)-20211208"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahi.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aatp.0\\)-20211208"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahl.0\\)-20211208"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahj.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24ep",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-48",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-16",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "xgs1250",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "xgs1210",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahh.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahi.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aazi.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahj.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahk.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(abto.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahl.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahm.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aatp.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahn.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aaho.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(abtq.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:xgs1210-12_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.00\\(abty.5\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:xgs1210-12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:xgs1250-12_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.00\\(abwe.1\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:xgs1250-12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"cve": "CVE-2021-35031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.7,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-35031",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.1,
"id": "CNVD-2022-01689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "security@zyxel.com.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35031",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-35031",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@zyxel.com.tw",
"id": "CVE-2021-35031",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-01689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2730",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-35031",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan. \n\r\n\r\nAn access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product\u0027s TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35031",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-01689",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010304",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35031",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"id": "VAR-202112-2079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
}
]
},
"last_update_date": "2023-12-18T13:37:09.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel\u00a0security\u00a0advisory\u00a0for\u00a0OS\u00a0command\u00a0injection\u00a0vulnerabilities\u00a0of\u00a0GS1900,\u00a0XGS1210,\u00a0and\u00a0XGS1250\u00a0series\u00a0switches",
"trust": 0.8,
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerabilities-of-gs1900-xgs1210-and-xgs1250-series-switches"
},
{
"title": "Patch for ZyXEL GS1900 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/312051"
},
{
"title": "ZyXEL GS1900 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176845"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35031"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/zyxel_security_advisory_for_os_command_injection_vulnerabilities_of_switches.shtml"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010304"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"date": "2021-12-28T11:15:07.463000",
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"date": "2021-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"date": "2022-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"date": "2023-01-17T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"date": "2022-01-07T16:59:51.267000",
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Zyxel\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
],
"trust": 0.6
}
}
var-202112-2078
Vulnerability from variot
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel in Taiwan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahn.0\\)-20211208"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aaho.0\\)-20211208"
},
{
"model": "gs1900-48hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abtq.0\\)-20211208"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahk.0\\)-20211208"
},
{
"model": "gs1900-24ep",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abto.0\\)-20211208"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aazi.0\\)-20211208"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahh.0\\)-20211208"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahm.0\\)-20211208"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahi.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aatp.0\\)-20211208"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahl.0\\)-20211208"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahj.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24ep",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-48",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-16",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.60"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahh.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahi.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aazi.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahj.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahk.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(abto.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahl.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahm.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aatp.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aahn.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(aaho.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70\\(abtq.0\\)-20211208",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"cve": "CVE-2021-35032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-35032",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-09789",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security@zyxel.com.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35032",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-35032",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@zyxel.com.tw",
"id": "CVE-2021-35032",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-09789",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2727",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-35032",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35032",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-09789",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010304",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35032",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"id": "VAR-202112-2078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
}
]
},
"last_update_date": "2023-12-18T13:37:09.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel\u00a0security\u00a0advisory\u00a0for\u00a0OS\u00a0command\u00a0injection\u00a0vulnerabilities\u00a0of\u00a0GS1900,\u00a0XGS1210,\u00a0and\u00a0XGS1250\u00a0series\u00a0switches",
"trust": 0.8,
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerabilities-of-gs1900-xgs1210-and-xgs1250-series-switches"
},
{
"title": "Patch for Zyxel GS1900 Operating System Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/318816"
},
{
"title": "Zyxel GS1900 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176844"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35032"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/zyxel_security_advisory_for_os_command_injection_vulnerabilities_of_switches.shtml"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010304"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"date": "2021-12-28T11:15:07.583000",
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"date": "2021-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"date": "2022-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"date": "2023-01-17T01:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"date": "2022-01-07T17:01:25.907000",
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
],
"trust": 0.6
}
}
var-201911-1314
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. Zyxel GS1900 Device firmware contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 with this version of firmware prior to 2.50 (AAHH.0)C0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-16",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahh.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aazi.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahj.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahk.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahl.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahm.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aahn.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.50\\(aaho.0\\)c0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"cve": "CVE-2019-15802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15802",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41670",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15802",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15802",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-41670",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-994",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. Zyxel GS1900 Device firmware contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 with this version of firmware prior to 2.50 (AAHH.0)C0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNVD",
"id": "CNVD-2019-41670"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15802",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41670",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"id": "VAR-201911-1314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
}
]
},
"last_update_date": "2023-12-18T13:33:15.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41670)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191503"
},
{
"title": "ZyXEL GS1900 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103487"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15802"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"date": "2019-11-14T21:15:11.797000",
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"date": "2019-11-22T19:11:12.107000",
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"date": "2019-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerabilities related to the use of hard-coded credentials in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
],
"trust": 0.6
}
}