CVE-2019-15803Improper Authentication in Zyxel Gs1900-10hp Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.4%
top 40.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Zyxel Gs1900-10hp FirmwareZyxel Gs1900-16 FirmwareZyxel Gs1900-24 Firmware+6 more
Timeline
PublishedNov 14
Latest updateMay 24

Description

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) alw

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages9 packages

NVDzyxel/gs1900-8_firmware< 2.50\(aahh.0\)c0
NVDzyxel/gs1900-16_firmware< 2.50\(aahj.0\)c0
NVDzyxel/gs1900-24_firmware< 2.50\(aahl.0\)c0
NVDzyxel/gs1900-48_firmware< 2.50\(aahn.0\)c0
NVDzyxel/gs1900-24e_firmware< 2.50\(aahk.0\)c0

🔴Vulnerability Details

2
GHSA
GHSA-958f-78j2-fqr6: An issue was discovered on Zyxel GS1900 devices with firmware before 22022-05-24
CVEList
CVE-2019-15803: An issue was discovered on Zyxel GS1900 devices with firmware before 22019-11-14
CVE-2019-15803 — Improper Authentication in Zyxel | cvebase