CVE-2022-34746 (GCVE-0-2022-34746)
Vulnerability from cvelistv5 – Published: 2022-09-20 01:50 – Updated: 2025-05-29 13:42
VLAI?
Summary
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
Severity ?
5.9 (Medium)
CWE
- CWE-331 - Insufficient Entropy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | Zyxel GS1900 series firmware |
Affected:
< V2.70
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:09.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T13:42:40.192311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T13:42:48.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zyxel GS1900 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V2.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331: Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T01:50:09.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-34746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zyxel GS1900 series firmware",
"version": {
"version_data": [
{
"version_value": "\u003c V2.70"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331: Insufficient Entropy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-34746",
"datePublished": "2022-09-20T01:50:09.000Z",
"dateReserved": "2022-06-28T00:00:00.000Z",
"dateUpdated": "2025-05-29T13:42:48.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aahh.3\\\\)c0\", \"matchCriteriaId\": \"9B8C89E9-1F95-41E8-9E03-ACF475F2D2D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D33F50-B5A4-4AEF-972C-7FF089C21D52\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aahi.3\\\\)c0\", \"matchCriteriaId\": \"309B1AEB-4154-42A1-B892-EC511A3C03F0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27602862-EFB7-402B-994E-254A0B210820\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aazi.3\\\\)c0\", \"matchCriteriaId\": \"6BDB45D9-2EF6-41FC-94A4-FFE7D3105C43\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89201505-07AF-4F9C-9304-46F2707DB9B4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aahj.3\\\\)c0\", \"matchCriteriaId\": \"8FC381F1-041B-4634-9F67-698E29037955\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aahl.3\\\\)c0\", \"matchCriteriaId\": \"7B87441A-7C43-4B63-99D5-BA70364F062D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4F55299-70D5-4CE1-A1EC-D79B469B94F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aahk.3\\\\)c0\", \"matchCriteriaId\": \"A1AF52CD-C62F-41C5-89BB-253A6F5C3624\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(abto.3\\\\)c0\", \"matchCriteriaId\": \"8EEEAB28-5FE5-42E4-88E6-9BCDA03B9420\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B22AA8B1-11E2-408F-A1F6-0F8AF32AB131\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(abtp.3\\\\)c0\", \"matchCriteriaId\": \"1841493A-E849-413B-B39D-77A8E940B138\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"512D9A91-8DA7-47F1-AC77-AF743F99BFF3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(aahn.3\\\\)c0\", \"matchCriteriaId\": \"17331D45-94BA-489F-BA8A-53F72026244C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFB7D4BF-7D17-48D3-990D-4BADAC8BD868\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.70\\\\(abtq.3\\\\)c0\", \"matchCriteriaId\": \"32A2CB26-844A-41ED-A59A-E67ACD371DCA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC74C679-6D22-47E4-AE8A-2647B1AA4276\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado una vulnerabilidad de entrop\\u00eda insuficiente causada por el uso inapropiado de fuentes de aleatoriedad con baja entrop\\u00eda para la generaci\\u00f3n de pares de claves RSA en las versiones de firmware de la serie Zyxel GS1900 versiones anteriores a V2.70. Esta vulnerabilidad podr\\u00eda permitir a un atacante no autenticado recuperar una clave privada mediante la factorizaci\\u00f3n del m\\u00f3dulo N de RSA en el certificado de la interfaz de administraci\\u00f3n web\"}]",
"id": "CVE-2022-34746",
"lastModified": "2024-11-21T07:10:06.513",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@zyxel.com.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
"published": "2022-09-20T02:15:08.640",
"references": "[{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\", \"source\": \"security@zyxel.com.tw\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@zyxel.com.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-331\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-331\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-34746\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2022-09-20T02:15:08.640\",\"lastModified\":\"2024-11-21T07:10:06.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de entrop\u00eda insuficiente causada por el uso inapropiado de fuentes de aleatoriedad con baja entrop\u00eda para la generaci\u00f3n de pares de claves RSA en las versiones de firmware de la serie Zyxel GS1900 versiones anteriores a V2.70. Esta vulnerabilidad podr\u00eda permitir a un atacante no autenticado recuperar una clave privada mediante la factorizaci\u00f3n del m\u00f3dulo N de RSA en el certificado de la interfaz de administraci\u00f3n web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-331\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-331\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahh.3\\\\)c0\",\"matchCriteriaId\":\"9B8C89E9-1F95-41E8-9E03-ACF475F2D2D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D33F50-B5A4-4AEF-972C-7FF089C21D52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahi.3\\\\)c0\",\"matchCriteriaId\":\"309B1AEB-4154-42A1-B892-EC511A3C03F0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27602862-EFB7-402B-994E-254A0B210820\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aazi.3\\\\)c0\",\"matchCriteriaId\":\"6BDB45D9-2EF6-41FC-94A4-FFE7D3105C43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89201505-07AF-4F9C-9304-46F2707DB9B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahj.3\\\\)c0\",\"matchCriteriaId\":\"8FC381F1-041B-4634-9F67-698E29037955\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahl.3\\\\)c0\",\"matchCriteriaId\":\"7B87441A-7C43-4B63-99D5-BA70364F062D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F55299-70D5-4CE1-A1EC-D79B469B94F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahk.3\\\\)c0\",\"matchCriteriaId\":\"A1AF52CD-C62F-41C5-89BB-253A6F5C3624\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(abto.3\\\\)c0\",\"matchCriteriaId\":\"8EEEAB28-5FE5-42E4-88E6-9BCDA03B9420\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B22AA8B1-11E2-408F-A1F6-0F8AF32AB131\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(abtp.3\\\\)c0\",\"matchCriteriaId\":\"1841493A-E849-413B-B39D-77A8E940B138\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"512D9A91-8DA7-47F1-AC77-AF743F99BFF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahn.3\\\\)c0\",\"matchCriteriaId\":\"17331D45-94BA-489F-BA8A-53F72026244C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB7D4BF-7D17-48D3-990D-4BADAC8BD868\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(abtq.3\\\\)c0\",\"matchCriteriaId\":\"32A2CB26-844A-41ED-A59A-E67ACD371DCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC74C679-6D22-47E4-AE8A-2647B1AA4276\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T09:22:09.990Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-34746\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-29T13:42:40.192311Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-29T13:42:45.543Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"Zyxel GS1900 series firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c V2.70\"}]}], \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-331\", \"description\": \"CWE-331: Insufficient Entropy\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2022-09-20T01:50:09.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.1\", \"baseScore\": \"5.9\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"\u003c V2.70\"}]}, \"product_name\": \"Zyxel GS1900 series firmware\"}]}, \"vendor_name\": \"Zyxel\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\", \"name\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-331: Insufficient Entropy\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-34746\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@zyxel.com.tw\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-34746\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-29T13:42:48.236Z\", \"dateReserved\": \"2022-06-28T00:00:00.000Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2022-09-20T01:50:09.000Z\", \"assignerShortName\": \"Zyxel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…