Lucene search

[email protected]CVE-2022-34746

HistorySep 20, 2022 - 2:15 a.m.

CVE-2022-34746

2022-09-2002:15:00

CWE-331

[email protected]

web.nvd.nist.gov

vulnerability

zyxel gs1900

firmware

cve-2022-34746

entropy

rsa

key pair generation

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.6%

JSON

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

CPENameOperatorVersion
zyxel:gs1900-8_firmwarezyxel gs1900-8 firmwarelt2.70\(aahh.3\)c0
zyxel:gs1900-8hp_firmwarezyxel gs1900-8hp firmwarelt2.70\(aahi.3\)c0
zyxel:gs1900-10hp_firmwarezyxel gs1900-10hp firmwarelt2.70\(aazi.3\)c0
zyxel:gs1900-16_firmwarezyxel gs1900-16 firmwarelt2.70\(aahj.3\)c0
zyxel:gs1900-24_firmwarezyxel gs1900-24 firmwarelt2.70\(aahl.3\)c0
zyxel:gs1900-24e_firmwarezyxel gs1900-24e firmwarelt2.70\(aahk.3\)c0
zyxel:gs1900-24ep_firmwarezyxel gs1900-24ep firmwarelt2.70\(abto.3\)c0
zyxel:gs1900-24hpv2_firmwarezyxel gs1900-24hpv2 firmwarelt2.70\(abtp.3\)c0
zyxel:gs1900-48_firmwarezyxel gs1900-48 firmwarelt2.70\(aahn.3\)c0
zyxel:gs1900-48hpv2_firmwarezyxel gs1900-48hpv2 firmwarelt2.70\(abtq.3\)c0

CPE	Name	Operator	Version
zyxel:gs1900-8_firmware	zyxel gs1900-8 firmware	lt	2.70\(aahh.3\)c0
zyxel:gs1900-8hp_firmware	zyxel gs1900-8hp firmware	lt	2.70\(aahi.3\)c0
zyxel:gs1900-10hp_firmware	zyxel gs1900-10hp firmware	lt	2.70\(aazi.3\)c0
zyxel:gs1900-16_firmware	zyxel gs1900-16 firmware	lt	2.70\(aahj.3\)c0
zyxel:gs1900-24_firmware	zyxel gs1900-24 firmware	lt	2.70\(aahl.3\)c0
zyxel:gs1900-24e_firmware	zyxel gs1900-24e firmware	lt	2.70\(aahk.3\)c0
zyxel:gs1900-24ep_firmware	zyxel gs1900-24ep firmware	lt	2.70\(abto.3\)c0
zyxel:gs1900-24hpv2_firmware	zyxel gs1900-24hpv2 firmware	lt	2.70\(abtp.3\)c0
zyxel:gs1900-48_firmware	zyxel gs1900-48 firmware	lt	2.70\(aahn.3\)c0
zyxel:gs1900-48hpv2_firmware	zyxel gs1900-48hpv2 firmware	lt	2.70\(abtq.3\)c0

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches

Social References

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.6%

JSON

Related for CVE-2022-34746

prion1