Lucene search
K

130 matches found

OSV
OSV
added 2019/11/14 9:15 p.m.4 views

CVE-2019-15802

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

5.9CVSS6.2AI score0.015EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 9:15 p.m.3 views

CVE-2019-15804

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...

7.5CVSS7.1AI score0.00931EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 9:15 p.m.4 views

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

7.5CVSS7.1AI score0.01486EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 9:15 p.m.5 views

CVE-2019-15800

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Due to lack of input validation in the cmdsystracerouteexec, cmdsysarpclear, and cmdsyspingexec functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call...

9.8CVSS7.4AI score0.03872EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 9:15 p.m.5 views

CVE-2019-15803

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...

9.1CVSS7.4AI score0.01323EPSS
Exploits1References2
NVD
NVD
added 2019/11/14 9:15 p.m.22 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

9CVSS8.8AI score0.02309EPSS
Exploits1References3
NVD
NVD
added 2019/11/14 9:15 p.m.30 views

CVE-2019-15803

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...

9.1CVSS9.3AI score0.01323EPSS
Exploits1References2
NVD
NVD
added 2019/11/14 9:15 p.m.16 views

CVE-2019-15800

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Due to lack of input validation in the cmdsystracerouteexec, cmdsysarpclear, and cmdsyspingexec functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call...

10CVSS10AI score0.03872EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 9:15 p.m.5 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

8.8CVSS7.3AI score0.02309EPSS
Exploits1References3
NVD
NVD
added 2019/11/14 9:15 p.m.26 views

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

7.5CVSS7.5AI score0.01486EPSS
Exploits1References2
NVD
NVD
added 2019/11/14 9:15 p.m.22 views

CVE-2019-15802

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

5.9CVSS5.7AI score0.015EPSS
Exploits1References2
Prion
Prion
added 2019/11/14 9:15 p.m.24 views

Default credentials

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

9CVSS8.7AI score0.02309EPSS
Exploits1References3Affected Software9
Prion
Prion
added 2019/11/14 9:15 p.m.23 views

Input validation

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Due to lack of input validation in the cmdsystracerouteexec, cmdsysarpclear, and cmdsyspingexec functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call...

10CVSS9.9AI score0.03872EPSS
Exploits1References2Affected Software9
Prion
Prion
added 2019/11/14 9:15 p.m.24 views

Hardcoded credentials

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

4.3CVSS5.8AI score0.015EPSS
Exploits1References2Affected Software9
Prion
Prion
added 2019/11/14 9:15 p.m.23 views

Memory corruption

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...

5CVSS7.6AI score0.00931EPSS
Exploits1References2Affected Software9
Prion
Prion
added 2019/11/14 9:15 p.m.21 views

Improper access control

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...

6.4CVSS9.3AI score0.01323EPSS
Exploits1References2Affected Software9
Prion
Prion
added 2019/11/14 9:15 p.m.19 views

Hardcoded credentials

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

5CVSS7.5AI score0.01486EPSS
Exploits1References2Affected Software9
CVE
CVE
added 2019/11/14 8:16 p.m.78 views

CVE-2019-15799

The CVE-2019-15799 issue affects Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Web-interface accounts with non-admin privileges can, when connected via SSH, obtain administrator-level access identical to their web permissions. This allows normal users to run the tech-support command i...

9CVSS8.7AI score0.02309EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/11/14 8:16 p.m.31 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

8.8AI score0.02309EPSS
Exploits1References3
CVE
CVE
added 2019/11/14 8:16 p.m.80 views

CVE-2019-15800

CVE-2019-15800 affects Zyxel GS1900 switches with firmware before 2.50(AAHH.0)C0. The root cause is lack of input validation in libclicmd.so under the commands cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec(). This could allow an attacker to trigger system() and execute arb...

10CVSS9.9AI score0.03872EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder