4.3
CVSSv2

CVE-2019-15802

Published: 14/11/2019 Updated: 22/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists on Zyxel GS1900 devices with firmware prior to 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zyxel gs1900-8_firmware

zyxel gs1900-8hp_firmware

zyxel gs1900-10hp_firmware

zyxel gs1900-16_firmware

zyxel gs1900-24e_firmware

zyxel gs1900-24_firmware

zyxel gs1900-24hp_firmware

zyxel gs1900-48_firmware

zyxel gs1900-48hp_firmware

Github Repositories

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr