CVE-2015-7256

Name: CVE-2015-7256
Creator: NVD / NIST
Published: 2017-09-28T01:29:00.67+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.79%

Last modified Jun 17, 2026

CVE-2015-7256 is a vulnerability of currently unknown severity. ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.. EPSS estimates a 0.79% chance of exploitation in the next 30 days.

Description

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Metrics

EPSS Probability

0.79%

51.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-310

Affected Software

Vendor	Product	Versions
Zyxel	Nwa1100-N Firmware	All versions
Zyxel	Nwa1100-Nh Firmware	All versions
Zyxel	Nwa1121-Ni Firmware	All versions
Zyxel	Nwa1123-Ac Firmware	All versions
Zyxel	Nwa1123-Ni Firmware	All versions
Zyxel	P-660hn-51 Firmware	All versions
Zyxel	P-663hn-51 Firmware	All versions
Zyxel	Vmg1312-B10a Firmware	All versions
Zyxel	Vmg1312-B30a Firmware	All versions
Zyxel	Vmg1312-B30b Firmware	All versions
Zyxel	Vmg4380-B10a Firmware	All versions
Zyxel	Vmg8324-B10a Firmware	All versions
Zyxel	Vmg8924-B10a Firmware	All versions
Zyxel	Vmg8924-B30a Firmware	All versions
Zyxel	Vsg1435-B101 Firmware	All versions
Zyxel	Pmg5318-B20a Firmware	All versions
Zyxel	Sbg3300-N000 Firmware	All versions
Zyxel	Sbg3300-Nb00 Firmware	All versions
Zyxel	Sbg3500-N000 Firmware	All versions
Zyxel	Gs1900-8 Firmware	All versions
Zyxel	Gs1900-24 Firmware	All versions
Zyxel	C1000z Firmware	All versions
Zyxel	Q1000 Firmware	All versions
Zyxel	Fr1000z Firmware	All versions
Zyxel	P8702n Firmware	All versions

References

http://www.kb.cert.org/vuls/id/566724Third Party Advisory, US Government Resource
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtmlVendor Advisory
http://www.kb.cert.org/vuls/id/566724Third Party Advisory, US Government Resource
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtmlVendor Advisory

Timeline

Published: Sep 28, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-7256?

How severe is CVE-2015-7256?

Severity scoring for CVE-2015-7256 is pending analysis. The EPSS model estimates a 0.79% probability of exploitation in the next 30 days.

How do I fix CVE-2015-7256?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-7256?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST