CVE-2015-7256

28.09.2017, 01:29

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
certcc	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
zyxel	nwa1100-n_firmware	-
zyxel	nwa1100-nh_firmware	-
zyxel	nwa1121-ni_firmware	-
zyxel	nwa1123-ac_firmware	-
zyxel	nwa1123-ni_firmware	-
zyxel	p-660hn-51_firmware	-
zyxel	p-663hn-51_firmware	-
zyxel	vmg1312-b10a_firmware	-
zyxel	vmg1312-b30a_firmware	-
zyxel	vmg1312-b30b_firmware	-
zyxel	vmg4380-b10a_firmware	-
zyxel	vmg8324-b10a_firmware	-
zyxel	vmg8924-b10a_firmware	-
zyxel	vmg8924-b30a_firmware	-
zyxel	vsg1435-b101_firmware	-
zyxel	pmg5318-b20a_firmware	-
zyxel	sbg3300-n000_firmware	-
zyxel	sbg3300-nb00_firmware	-
zyxel	sbg3500-n000_firmware	-
zyxel	gs1900-8_firmware	-
zyxel	gs1900-24_firmware	-
zyxel	c1000z_firmware	-
zyxel	q1000_firmware	-
zyxel	fr1000z_firmware	-
zyxel	p8702n_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-310 -

References

http://www.kb.cert.org/vuls/id/566724

http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml

http://www.kb.cert.org/vuls/id/566724

http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml