CVE-2015-7256

moderate-risk

Published 2017-09-28

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Nwa1100-N Firmware

Nwa1100-Nh Firmware

Vmg1312-B10A Firmware

Vmg1312-B30A Firmware

Vmg8324-B10A Firmware

Vsg1435-B101 Firmware

Sbg3300-Nb00 Firmware

C1000Z Firmware

Q1000 Firmware

Fr1000Z Firmware

P8702N Firmware

Nwa1121-Ni Firmware

Nwa1123-Ac Firmware

Nwa1123-Ni Firmware

P-660Hn-51 Firmware

P-663Hn-51 Firmware

Vmg1312-B30B Firmware

Vmg4380-B10A Firmware

Vmg8924-B10A Firmware

Vmg8924-B30A Firmware

Affected Vendors

Zyxel

References (4)

Third Party Advisory http://www.kb.cert.org/vuls/id/566724

Vendor Advisory http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulner...

Third Party Advisory http://www.kb.cert.org/vuls/id/566724

Vendor Advisory http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulner...

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 21/34 · High