Gs1900-24 Firmware Security Vulnerabilities and Issues — Gs1900-24 Firmware CVE List

Lucene search

ZyxelGs1900-24 Firmware

16 matches found

CVE•added 2017/09/28 1:29 a.m.•155 views

CVE-2015-7256

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 sm...

5.9CVSS5.9AI score0.00127EPSS

CVE•added 2019/11/14 9:15 p.m.•83 views

CVE-2019-15804

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access...

7.5CVSS7.5AI score0.00241EPSS

CVE•added 2023/05/30 11:15 a.m.•79 views

CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

6.7CVSS7.4AI score0.0003EPSS

CVE•added 2019/11/14 9:15 p.m.•74 views

CVE-2019-15802

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using...

5.9CVSS5.7AI score0.00286EPSS

CVE•added 2019/11/14 9:15 p.m.•72 views

CVE-2019-15803

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). Th...

9.1CVSS9.2AI score0.00376EPSS

CVE•added 2019/11/14 9:15 p.m.•69 views

CVE-2019-15800

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these funct...

10CVSS9.9AI score0.0308EPSS

CVE•added 2019/11/14 9:15 p.m.•68 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their pe...

9CVSS8.7AI score0.00398EPSS

CVE•added 2019/11/14 9:15 p.m.•67 views

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, ...

7.5CVSS7.5AI score0.00286EPSS

CVE•added 2022/09/20 2:15 a.m.•56 views

CVE-2022-34746

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring th...

5.9CVSS5.7AI score0.00405EPSS

CVE•added 2023/11/07 5:15 a.m.•55 views

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

5.5CVSS5.3AI score0.00045EPSS

CVE•added 2024/11/12 2:15 a.m.•48 views

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by ...

6.8CVSS7.8AI score0.00502EPSS

CVE•added 2021/12/28 11:15 a.m.•46 views

CVE-2021-35031

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

8CVSS8AI score0.00085EPSS

CVE•added 2024/11/12 2:15 a.m.•44 views

CVE-2024-8882

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

4.5CVSS7.3AI score0.00045EPSS

CVE•added 2021/07/26 12:15 p.m.•43 views

CVE-2021-35030

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.

4.3CVSS4.4AI score0.00115EPSS

CVE•added 2021/12/28 11:15 a.m.•43 views

CVE-2021-35032

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.

7.8CVSS7.6AI score0.00036EPSS

CVE•added 2024/09/10 2:15 a.m.•43 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid s...

6.5CVSS7.5AI score0.00051EPSS