CVE-2019-15804
CVE-2019-15804 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. EPSS estimates a 0.93% chance of exploitation in the next 30 days.
Description
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | GS1900-8 Firmware | < 2.50(aahh.0)c0 |
| Zyxel | GS1900-8HP Firmware | < 2.50(aahi.0)c0 |
| Zyxel | GS1900-10HP Firmware | < 2.50(aazi.0)c0 |
| Zyxel | GS1900-16 Firmware | < 2.50(aahj.0)c0 |
| Zyxel | GS1900-24E Firmware | < 2.50(aahk.0)c0 |
| Zyxel | GS1900-24 Firmware | < 2.50(aahl.0)c0 |
| Zyxel | GS1900-24HP Firmware | < 2.50(aahm.0)c0 |
| Zyxel | GS1900-48 Firmware | < 2.50(aahn.0)c0 |
| Zyxel | GS1900-48HP Firmware | < 2.50(aaho.0)c0 |
References
- https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html (Exploit, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
