CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
zyxelgs1900-8_firmware
𝑥
< 2.50\(aahh.0\)c0
zyxelgs1900-8hp_firmware
𝑥
< 2.50\(aahi.0\)c0
zyxelgs1900-10hp_firmware
𝑥
< 2.50\(aazi.0\)c0
zyxelgs1900-16_firmware
𝑥
< 2.50\(aahj.0\)c0
zyxelgs1900-24e_firmware
𝑥
< 2.50\(aahk.0\)c0
zyxelgs1900-24_firmware
𝑥
< 2.50\(aahl.0\)c0
zyxelgs1900-24hp_firmware
𝑥
< 2.50\(aahm.0\)c0
zyxelgs1900-48_firmware
𝑥
< 2.50\(aahn.0\)c0
zyxelgs1900-48hp_firmware
𝑥
< 2.50\(aaho.0\)c0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml