Published: 14/11/2019 Updated: 21/07/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists on Zyxel GS1900 devices with firmware prior to 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zyxel gs1900-8_firmware
zyxel gs1900-8hp_firmware
zyxel gs1900-10hp_firmware
zyxel gs1900-16_firmware
zyxel gs1900-24e_firmware
zyxel gs1900-24_firmware
zyxel gs1900-24hp_firmware
zyxel gs1900-48_firmware
zyxel gs1900-48hp_firmware

CVE-2019-15802 decrypter The Zyxel firmware for the GS1900 switches, at least version 240(AAHH2)C0, contains a hardcoded parameters which are used for AES256-CBC encryption an decryption of passwords These parameters (IV, salt and password) are fixed for all devices running the firmware salt[] = "1A3BB2F78D6EC7D8"; iv[32] = "2268BA68768B58C3687D4F205923A741&q

CWE-798 https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html https://nvd.nist.gov https://github.com/jasperla/CVE-2019-15802

CVE-2019-15801

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect