CVE-2019-15801
Last modified
CVE-2019-15801 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. EPSS estimates a 1.49% chance of exploitation in the next 30 days.
Description
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Gs1900-8 Firmware | < 2.50\(aahh.0\)c0 |
| Zyxel | Gs1900-8hp Firmware | < 2.50\(aahi.0\)c0 |
| Zyxel | Gs1900-10hp Firmware | < 2.50\(aazi.0\)c0 |
| Zyxel | Gs1900-16 Firmware | < 2.50\(aahj.0\)c0 |
| Zyxel | Gs1900-24e Firmware | < 2.50\(aahk.0\)c0 |
| Zyxel | Gs1900-24 Firmware | < 2.50\(aahl.0\)c0 |
| Zyxel | Gs1900-24hp Firmware | < 2.50\(aahm.0\)c0 |
| Zyxel | Gs1900-48 Firmware | < 2.50\(aahn.0\)c0 |
| Zyxel | Gs1900-48hp Firmware | < 2.50\(aaho.0\)c0 |
References
- https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.htmlExploit, Third Party Advisory
- https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.htmlExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-15801?
How severe is CVE-2019-15801?
How do I fix CVE-2019-15801?
Are you affected by CVE-2019-15801?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST