CRITICAL🇬🇧 English

CVE-2019-15803

CVSS 9.1v3.1pub. 2019-11-14upd. 2024-11-21

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Zyxel Gs1900 10hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 10hp Firmware

    OS
    Zyxel
    < 2.50\(aazi.0\)c0
  • Zyxel Gs1900 16

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 16 Firmware

    OS
    Zyxel
    < 2.50\(aahj.0\)c0
  • Zyxel Gs1900 24

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24e

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24e Firmware

    OS
    Zyxel
    < 2.50\(aahk.0\)c0
  • Zyxel Gs1900 24 Firmware

    OS
    Zyxel
    < 2.50\(aahl.0\)c0
  • Zyxel Gs1900 24hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24hp Firmware

    OS
    Zyxel
    < 2.50\(aahm.0\)c0
  • Zyxel Gs1900 48

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 48 Firmware

    OS
    Zyxel
    < 2.50\(aahn.0\)c0
  • Zyxel Gs1900 48hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 48hp Firmware

    OS
    Zyxel
    < 2.50\(aaho.0\)c0
  • Zyxel Gs1900 8

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 8 Firmware

    OS
    Zyxel
    < 2.50\(aahh.0\)c0
  • Zyxel Gs1900 8hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 8hp Firmware

    OS
    Zyxel
    < 2.50\(aahi.0\)c0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2019-15800CRITICAL9.8ten sam produkt

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input vali...

CVE-2016-1329CRITICAL9.8ten sam produkt

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(...

CVE-2015-5988CRITICAL9.8ten sam produkt

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which all...

CVE-2015-5989CRITICAL9.8ten sam produkt

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which al...

CVE-2019-15799HIGH8.8ten sam produkt

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created thr...