CRITICAL🇵🇱 Wersja polska

CVE-2019-15800

CVSS 9.8v3.1pub. 2019-11-14upd. 2024-11-21

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Zyxel Gs1900 10hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 10hp Firmware

    OS
    Zyxel
    < 2.50\(aazi.0\)c0
  • Zyxel Gs1900 16

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 16 Firmware

    OS
    Zyxel
    < 2.50\(aahj.0\)c0
  • Zyxel Gs1900 24

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24e

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24e Firmware

    OS
    Zyxel
    < 2.50\(aahk.0\)c0
  • Zyxel Gs1900 24 Firmware

    OS
    Zyxel
    < 2.50\(aahl.0\)c0
  • Zyxel Gs1900 24hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 24hp Firmware

    OS
    Zyxel
    < 2.50\(aahm.0\)c0
  • Zyxel Gs1900 48

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 48 Firmware

    OS
    Zyxel
    < 2.50\(aahn.0\)c0
  • Zyxel Gs1900 48hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 48hp Firmware

    OS
    Zyxel
    < 2.50\(aaho.0\)c0
  • Zyxel Gs1900 8

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 8 Firmware

    OS
    Zyxel
    < 2.50\(aahh.0\)c0
  • Zyxel Gs1900 8hp

    HW
    Zyxel
    wszystkie wersje
  • Zyxel Gs1900 8hp Firmware

    OS
    Zyxel
    < 2.50\(aahi.0\)c0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2019-15803CRITICAL9.1ten sam produkt

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented s...

CVE-2016-1329CRITICAL9.8ten sam produkt

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(...

CVE-2015-5988CRITICAL9.8ten sam produkt

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which all...

CVE-2015-5989CRITICAL9.8ten sam produkt

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which al...

CVE-2019-15799HIGH8.8ten sam produkt

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created thr...