cnvd - cnvd-2020-28446

CNVD-2020-28446

Vulnerability from cnvd - Published: 2020-05-15

Title

ZyXEL NBG-418N v2授权问题漏洞

Description

ZyXEL NBG-418N v2是中国台湾合勤（ZyXEL）公司的一款无线路由器。使用V1.00(AARP.9)C0版本固件的Zyxel NBG-418N v2中的wan.htm页面存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。目前没有详细的漏洞细节提供。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新: https://www.zyxel.com

Impacted products

Name
ZyXEL NBG-418N v2 V1.00(AARP.9)C0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-17354",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-17354"
    }
  },
  "description": "ZyXEL NBG-418N v2\u662f\u4e2d\u56fd\u53f0\u6e7e\u5408\u52e4\uff08ZyXEL\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\n\u4f7f\u7528V1.00(AARP.9)C0\u7248\u672c\u56fa\u4ef6\u7684Zyxel NBG-418N v2\u4e2d\u7684wan.htm\u9875\u9762\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0:\r\nhttps://www.zyxel.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-28446",
  "openTime": "2020-05-15",
  "products": {
    "product": "ZyXEL   NBG-418N v2 V1.00(AARP.9)C0"
  },
  "serverity": "\u9ad8",
  "submitTime": "2019-11-20",
  "title": "ZyXEL NBG-418N v2\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-17354 (GCVE-0-2019-17354)

Vulnerability from cvelistv5 – Published: 2019-10-09 11:57 – Updated: 2024-08-05 01:40

Summary

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.zyxel.com/us/en/	x_refsource_MISC
	https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/ma…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/us/en/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE-2019-17354"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T11:57:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zyxel.com/us/en/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE-2019-17354"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zyxel.com/us/en/",
              "refsource": "MISC",
              "url": "https://www.zyxel.com/us/en/"
            },
            {
              "name": "https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE-2019-17354",
              "refsource": "MISC",
              "url": "https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE-2019-17354"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17354",
    "datePublished": "2019-10-09T11:57:13",
    "dateReserved": "2019-10-08T00:00:00",
    "dateUpdated": "2024-08-05T01:40:15.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-28446

CVE-2019-17354 (GCVE-0-2019-17354)

Tags

Sightings

Nomenclature