Lucene search

[email protected]CVE-2019-15802

HistoryNov 14, 2019 - 9:15 p.m.

CVE-2019-15802

2019-11-1421:15:00

CWE-798

[email protected]

web.nvd.nist.gov

zyxel

gs1900

firmware

security vulnerability

encryption

cryptographic key

nvd

cve-2019-15802

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.

CPENameOperatorVersion
zyxel:gs1900-8_firmwarezyxel gs1900-8 firmwarelt2.50\(aahh.0\)c0
zyxel:gs1900-8hp_firmwarezyxel gs1900-8hp firmwarelt2.50\(aahi.0\)c0
zyxel:gs1900-10hp_firmwarezyxel gs1900-10hp firmwarelt2.50\(aazi.0\)c0
zyxel:gs1900-16_firmwarezyxel gs1900-16 firmwarelt2.50\(aahj.0\)c0
zyxel:gs1900-24e_firmwarezyxel gs1900-24e firmwarelt2.50\(aahk.0\)c0
zyxel:gs1900-24_firmwarezyxel gs1900-24 firmwarelt2.50\(aahl.0\)c0
zyxel:gs1900-24hp_firmwarezyxel gs1900-24hp firmwarelt2.50\(aahm.0\)c0
zyxel:gs1900-48_firmwarezyxel gs1900-48 firmwarelt2.50\(aahn.0\)c0
zyxel:gs1900-48hp_firmwarezyxel gs1900-48hp firmwarelt2.50\(aaho.0\)c0

CPE	Name	Operator	Version
zyxel:gs1900-8_firmware	zyxel gs1900-8 firmware	lt	2.50\(aahh.0\)c0
zyxel:gs1900-8hp_firmware	zyxel gs1900-8hp firmware	lt	2.50\(aahi.0\)c0
zyxel:gs1900-10hp_firmware	zyxel gs1900-10hp firmware	lt	2.50\(aazi.0\)c0
zyxel:gs1900-16_firmware	zyxel gs1900-16 firmware	lt	2.50\(aahj.0\)c0
zyxel:gs1900-24e_firmware	zyxel gs1900-24e firmware	lt	2.50\(aahk.0\)c0
zyxel:gs1900-24_firmware	zyxel gs1900-24 firmware	lt	2.50\(aahl.0\)c0
zyxel:gs1900-24hp_firmware	zyxel gs1900-24hp firmware	lt	2.50\(aahm.0\)c0
zyxel:gs1900-48_firmware	zyxel gs1900-48 firmware	lt	2.50\(aahn.0\)c0
zyxel:gs1900-48hp_firmware	zyxel gs1900-48hp firmware	lt	2.50\(aaho.0\)c0

References

jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for CVE-2019-15802

prion1 cvelist1