CVE-2022-34746
Last modified
CVE-2022-34746 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Gs1900-8 Firmware | < 2.70\(aahh.3\)c0 |
| Zyxel | Gs1900-8hp Firmware | < 2.70\(aahi.3\)c0 |
| Zyxel | Gs1900-10hp Firmware | < 2.70\(aazi.3\)c0 |
| Zyxel | Gs1900-16 Firmware | < 2.70\(aahj.3\)c0 |
| Zyxel | Gs1900-24 Firmware | < 2.70\(aahl.3\)c0 |
| Zyxel | Gs1900-24e Firmware | < 2.70\(aahk.3\)c0 |
| Zyxel | Gs1900-24ep Firmware | < 2.70\(abto.3\)c0 |
| Zyxel | Gs1900-24hpv2 Firmware | < 2.70\(abtp.3\)c0 |
| Zyxel | Gs1900-48 Firmware | < 2.70\(aahn.3\)c0 |
| Zyxel | Gs1900-48hpv2 Firmware | < 2.70\(abtq.3\)c0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-34746?
How severe is CVE-2022-34746?
How do I fix CVE-2022-34746?
Are you affected by CVE-2022-34746?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST