HIGH🇬🇧 English

CVE-2019-15799

CVSS 8.8v3.1pub. 2019-11-14upd. 2024-11-21

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Zyxel Gs1900 10hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 10hp Firmware

    OS
    Zyxel
    < 2.50\(aazi.0\)c0
  • Zyxel Gs1900 16

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 16 Firmware

    OS
    Zyxel
    < 2.50\(aahj.0\)c0
  • Zyxel Gs1900 24

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24e

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24e Firmware

    OS
    Zyxel
    < 2.50\(aahk.0\)c0
  • Zyxel Gs1900 24 Firmware

    OS
    Zyxel
    < 2.50\(aahl.0\)c0
  • Zyxel Gs1900 24hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24hp Firmware

    OS
    Zyxel
    < 2.50\(aahm.0\)c0
  • Zyxel Gs1900 48

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 48 Firmware

    OS
    Zyxel
    < 2.50\(aahn.0\)c0
  • Zyxel Gs1900 48hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 48hp Firmware

    OS
    Zyxel
    < 2.50\(aaho.0\)c0
  • Zyxel Gs1900 8

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 8 Firmware

    OS
    Zyxel
    < 2.50\(aahh.0\)c0
  • Zyxel Gs1900 8hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 8hp Firmware

    OS
    Zyxel
    < 2.50\(aahi.0\)c0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-15800CRITICAL9.8ten sam produkt

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input vali...

CVE-2019-15803CRITICAL9.1ten sam produkt

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented s...

CVE-2016-1329CRITICAL9.8ten sam produkt

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(...

CVE-2015-5988CRITICAL9.8ten sam produkt

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which all...

CVE-2015-5989CRITICAL9.8ten sam produkt

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which al...