cvelistv5 - cve-2019-15799

CVE-2019-15799 (GCVE-0-2019-15799)

Vulnerability from cvelistv5 – Published: 2019-11-14 20:16 – Updated: 2024-08-05 00:56

Summary

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://jasper.la/exploring-zyxel-gs1900-firmware…	x_refsource_MISC
	https://vimeo.com/354726424	x_refsource_MISC
	https://www.zyxel.com/support/gs1900-switch-vulne…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://vimeo.com/354726424"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-14T20:16:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vimeo.com/354726424"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
              "refsource": "MISC",
              "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
            },
            {
              "name": "https://vimeo.com/354726424",
              "refsource": "MISC",
              "url": "https://vimeo.com/354726424"
            },
            {
              "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
              "refsource": "CONFIRM",
              "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15799",
    "datePublished": "2019-11-14T20:16:33",
    "dateReserved": "2019-08-29T00:00:00",
    "dateUpdated": "2024-08-05T00:56:22.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahh.0\\\\)c0\", \"matchCriteriaId\": \"B5428A26-563D-47A7-A771-D6F20775EDF5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D33F50-B5A4-4AEF-972C-7FF089C21D52\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahi.0\\\\)c0\", \"matchCriteriaId\": \"0E6DB241-5659-414E-856E-C5D790D07F8B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27602862-EFB7-402B-994E-254A0B210820\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aazi.0\\\\)c0\", \"matchCriteriaId\": \"21D9999F-C55E-4BAB-A401-007FB34B2A5E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89201505-07AF-4F9C-9304-46F2707DB9B4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahj.0\\\\)c0\", \"matchCriteriaId\": \"52D51F8F-8BCB-4571-A782-264B71C7CD76\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahk.0\\\\)c0\", \"matchCriteriaId\": \"3687A400-9D7F-453A-88D7-C87B85B6E4EB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahl.0\\\\)c0\", \"matchCriteriaId\": \"6733BECF-F9A3-4748-8A96-DFB10A670C35\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4F55299-70D5-4CE1-A1EC-D79B469B94F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahm.0\\\\)c0\", \"matchCriteriaId\": \"5D3A3C5E-2027-40EE-A9EF-983474E9DC07\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74B1D264-99AC-4AA8-955C-602F2DA5B885\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aahn.0\\\\)c0\", \"matchCriteriaId\": \"45D88D78-F7C9-45BB-8E47-2BD24B8616B2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFB7D4BF-7D17-48D3-990D-4BADAC8BD868\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aaho.0\\\\)c0\", \"matchCriteriaId\": \"C6EA6D9E-B5D4-4043-90C5-409B5875A3B5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"566A9E8C-AF55-4331-B9B0-F65EB900B0BE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\\u00f3n 2.50 (AAHH.0) C0. Las cuentas de usuario creadas a trav\\u00e9s de la interfaz web del dispositivo, cuando se les otorgan privilegios de nivel no administrativo, tienen el mismo nivel de acceso privilegiado que los administradores cuando se conectan al dispositivo a trav\\u00e9s de SSH (mientras que sus permisos a trav\\u00e9s de la interfaz web est\\u00e1n de hecho restringidos). Esto permite a los usuarios normales obtener la contrase\\u00f1a administrativa ejecutando el comando de soporte t\\u00e9cnico a trav\\u00e9s de la CLI: contiene las contrase\\u00f1as cifradas para todos los usuarios en el dispositivo. Como estas contrase\\u00f1as se cifran con par\\u00e1metros conocidos y est\\u00e1ticos, se pueden descifrar y se pueden obtener las contrase\\u00f1as originales (incluida la contrase\\u00f1a del administrador).\"}]",
      "id": "CVE-2019-15799",
      "lastModified": "2024-11-21T04:29:29.333",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-14T21:15:11.623",
      "references": "[{\"url\": \"https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vimeo.com/354726424\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://vimeo.com/354726424\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-15799\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-11-14T21:15:11.623\",\"lastModified\":\"2024-11-21T04:29:29.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. Las cuentas de usuario creadas a trav\u00e9s de la interfaz web del dispositivo, cuando se les otorgan privilegios de nivel no administrativo, tienen el mismo nivel de acceso privilegiado que los administradores cuando se conectan al dispositivo a trav\u00e9s de SSH (mientras que sus permisos a trav\u00e9s de la interfaz web est\u00e1n de hecho restringidos). Esto permite a los usuarios normales obtener la contrase\u00f1a administrativa ejecutando el comando de soporte t\u00e9cnico a trav\u00e9s de la CLI: contiene las contrase\u00f1as cifradas para todos los usuarios en el dispositivo. Como estas contrase\u00f1as se cifran con par\u00e1metros conocidos y est\u00e1ticos, se pueden descifrar y se pueden obtener las contrase\u00f1as originales (incluida la contrase\u00f1a del administrador).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahh.0\\\\)c0\",\"matchCriteriaId\":\"B5428A26-563D-47A7-A771-D6F20775EDF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D33F50-B5A4-4AEF-972C-7FF089C21D52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahi.0\\\\)c0\",\"matchCriteriaId\":\"0E6DB241-5659-414E-856E-C5D790D07F8B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27602862-EFB7-402B-994E-254A0B210820\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aazi.0\\\\)c0\",\"matchCriteriaId\":\"21D9999F-C55E-4BAB-A401-007FB34B2A5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89201505-07AF-4F9C-9304-46F2707DB9B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahj.0\\\\)c0\",\"matchCriteriaId\":\"52D51F8F-8BCB-4571-A782-264B71C7CD76\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahk.0\\\\)c0\",\"matchCriteriaId\":\"3687A400-9D7F-453A-88D7-C87B85B6E4EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahl.0\\\\)c0\",\"matchCriteriaId\":\"6733BECF-F9A3-4748-8A96-DFB10A670C35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F55299-70D5-4CE1-A1EC-D79B469B94F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahm.0\\\\)c0\",\"matchCriteriaId\":\"5D3A3C5E-2027-40EE-A9EF-983474E9DC07\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74B1D264-99AC-4AA8-955C-602F2DA5B885\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aahn.0\\\\)c0\",\"matchCriteriaId\":\"45D88D78-F7C9-45BB-8E47-2BD24B8616B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB7D4BF-7D17-48D3-990D-4BADAC8BD868\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aaho.0\\\\)c0\",\"matchCriteriaId\":\"C6EA6D9E-B5D4-4043-90C5-409B5875A3B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"566A9E8C-AF55-4331-B9B0-F65EB900B0BE\"}]}]}],\"references\":[{\"url\":\"https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vimeo.com/354726424\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vimeo.com/354726424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201911-1311

Vulnerability from variot - Updated: 2023-12-18 14:00

A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1311",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gs1900-8",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "gs1900-8hp",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "gs1900-10hp",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "gs1900-10hp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aazi.0\\)c0"
      },
      {
        "model": "gs1900-24e",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahk.0\\)c0"
      },
      {
        "model": "gs1900-16",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahj.0\\)c0"
      },
      {
        "model": "gs1900-8hp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahi.0\\)c0"
      },
      {
        "model": "gs1900-48hp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aaho.0\\)c0"
      },
      {
        "model": "gs1900-24hp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahm.0\\)c0"
      },
      {
        "model": "gs1900-8",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahh.0\\)c0"
      },
      {
        "model": "gs1900-48",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahn.0\\)c0"
      },
      {
        "model": "gs1900-24",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aahl.0\\)c0"
      },
      {
        "model": "gs1900-10hp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-16",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-24",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-24e",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-24hp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-48",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-48hp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-8",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900-8hp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "2.50(aahh.0)c0"
      },
      {
        "model": "gs1900 \u003c2.50 c0",
        "scope": null,
        "trust": 0.6,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "gs1900-8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zyxel",
        "version": "2.40"
      },
      {
        "model": "gs1900-16",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "gs1900-8hp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zyxel",
        "version": "2.40"
      },
      {
        "model": "gs1900-10hp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zyxel",
        "version": "2.40"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahh.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahi.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aazi.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahj.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahk.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahl.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahm.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahn.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aaho.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      }
    ]
  },
  "cve": "CVE-2019-15799",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-15799",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-41667",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-15799",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-15799",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-41667",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-991",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-15799",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "id": "VAR-201911-1311",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:00:42.318000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Zyxel security advisory for GS1900 switch vulnerabilities",
        "trust": 0.8,
        "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
      },
      {
        "title": "Patch for Unknown vulnerabilities in ZyXEL GS1900",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/191511"
      },
      {
        "title": "ZyXEL GS1900 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102961"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15799"
      },
      {
        "trust": 1.6,
        "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
      },
      {
        "trust": 1.6,
        "url": "https://vimeo.com/354726424"
      },
      {
        "trust": 1.6,
        "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15799"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "date": "2019-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "date": "2019-11-14T21:15:11.623000",
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "date": "2019-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-41667"
      },
      {
        "date": "2019-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      },
      {
        "date": "2019-11-21T18:15:55.813000",
        "db": "NVD",
        "id": "CVE-2019-15799"
      },
      {
        "date": "2019-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zyxel GS1900 Vulnerability related to privilege management in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012187"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-991"
      }
    ],
    "trust": 0.6
  }
}

GHSA-FVPF-4M7H-JG3P

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-15799"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.",
  "id": "GHSA-fvpf-4m7h-jg3p",
  "modified": "2022-05-24T17:01:17Z",
  "published": "2022-05-24T17:01:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15799"
    },
    {
      "type": "WEB",
      "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
    },
    {
      "type": "WEB",
      "url": "https://vimeo.com/354726424"
    },
    {
      "type": "WEB",
      "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2019-15799

Vulnerability from fkie_nvd - Published: 2019-11-14 21:15 - Updated: 2024-11-21 04:29

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html	Exploit, Third Party Advisory
cve@mitre.org	https://vimeo.com/354726424	Exploit, Third Party Advisory
cve@mitre.org	https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://vimeo.com/354726424	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml	Vendor Advisory

Impacted products

Vendor	Product	Version
zyxel	gs1900-8_firmware	*
zyxel	gs1900-8	-
zyxel	gs1900-8hp_firmware	*
zyxel	gs1900-8hp	-
zyxel	gs1900-10hp_firmware	*
zyxel	gs1900-10hp	-
zyxel	gs1900-16_firmware	*
zyxel	gs1900-16	-
zyxel	gs1900-24e_firmware	*
zyxel	gs1900-24e	-
zyxel	gs1900-24_firmware	*
zyxel	gs1900-24	-
zyxel	gs1900-24hp_firmware	*
zyxel	gs1900-24hp	-
zyxel	gs1900-48_firmware	*
zyxel	gs1900-48	-
zyxel	gs1900-48hp_firmware	*
zyxel	gs1900-48hp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5",
              "versionEndExcluding": "2.50\\(aahh.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B",
              "versionEndExcluding": "2.50\\(aahi.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
              "versionEndExcluding": "2.50\\(aazi.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76",
              "versionEndExcluding": "2.50\\(aahj.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB",
              "versionEndExcluding": "2.50\\(aahk.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35",
              "versionEndExcluding": "2.50\\(aahl.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07",
              "versionEndExcluding": "2.50\\(aahm.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2",
              "versionEndExcluding": "2.50\\(aahn.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5",
              "versionEndExcluding": "2.50\\(aaho.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. Las cuentas de usuario creadas a trav\u00e9s de la interfaz web del dispositivo, cuando se les otorgan privilegios de nivel no administrativo, tienen el mismo nivel de acceso privilegiado que los administradores cuando se conectan al dispositivo a trav\u00e9s de SSH (mientras que sus permisos a trav\u00e9s de la interfaz web est\u00e1n de hecho restringidos). Esto permite a los usuarios normales obtener la contrase\u00f1a administrativa ejecutando el comando de soporte t\u00e9cnico a trav\u00e9s de la CLI: contiene las contrase\u00f1as cifradas para todos los usuarios en el dispositivo. Como estas contrase\u00f1as se cifran con par\u00e1metros conocidos y est\u00e1ticos, se pueden descifrar y se pueden obtener las contrase\u00f1as originales (incluida la contrase\u00f1a del administrador)."
    }
  ],
  "id": "CVE-2019-15799",
  "lastModified": "2024-11-21T04:29:29.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-14T21:15:11.623",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://vimeo.com/354726424"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://vimeo.com/354726424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-41667

Vulnerability from cnvd - Published: 2019-11-21

Title

ZyXEL GS1900存在未明漏洞

Description

ZyXEL GS1900是中国台湾合勤（ZyXEL）公司的一款管理型交换机。使用2.50(AAHH.0)C0之前版本固件的Zyxel GS1900中存在安全漏洞。攻击者可利用该漏洞获取管理密码。

Severity

高

Patch Name

ZyXEL GS1900存在未明漏洞的补丁

Patch Description

ZyXEL GS1900是中国台湾合勤（ZyXEL）公司的一款管理型交换机。使用2.50(AAHH.0)C0之前版本固件的Zyxel GS1900中存在安全漏洞。攻击者可利用该漏洞获取管理密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-15799

Impacted products

Name
ZyXEL GS1900 <2.50(AAHH.0)C0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15799"
    }
  },
  "description": "ZyXEL GS1900\u662f\u4e2d\u56fd\u53f0\u6e7e\u5408\u52e4\uff08ZyXEL\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ba1\u7406\u578b\u4ea4\u6362\u673a\u3002\n\n\u4f7f\u75282.50(AAHH.0)C0\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Zyxel GS1900\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5bc6\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41667",
  "openTime": "2019-11-21",
  "patchDescription": "ZyXEL GS1900\u662f\u4e2d\u56fd\u53f0\u6e7e\u5408\u52e4\uff08ZyXEL\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ba1\u7406\u578b\u4ea4\u6362\u673a\u3002\r\n\r\n\u4f7f\u75282.50(AAHH.0)C0\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Zyxel GS1900\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZyXEL GS1900\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZyXEL   GS1900 \u003c2.50(AAHH.0)C0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15799",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-19",
  "title": "ZyXEL GS1900\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

GSD-2019-15799

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-15799

Aliases

CVE-2019-15799

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-15799",
    "description": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.",
    "id": "GSD-2019-15799"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-15799"
      ],
      "details": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.",
      "id": "GSD-2019-15799",
      "modified": "2023-12-13T01:23:38.178822Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-15799",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
            "refsource": "MISC",
            "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
          },
          {
            "name": "https://vimeo.com/354726424",
            "refsource": "MISC",
            "url": "https://vimeo.com/354726424"
          },
          {
            "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
            "refsource": "CONFIRM",
            "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahh.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahi.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aazi.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahj.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahk.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahl.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahm.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aahn.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.50\\(aaho.0\\)c0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15799"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
            },
            {
              "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
            },
            {
              "name": "https://vimeo.com/354726424",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://vimeo.com/354726424"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-11-21T18:15Z",
      "publishedDate": "2019-11-14T21:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-15799 (GCVE-0-2019-15799)

VAR-201911-1311

GHSA-FVPF-4M7H-JG3P

FKIE_CVE-2019-15799

CNVD-2019-41667

GSD-2019-15799

Tags

Sightings

Nomenclature