CVE-2019-15801

moderate-risk

Published 2019-11-14

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (9)

Gs1900-8 Firmware

Gs1900-8Hp Firmware

Gs1900-10Hp Firmware

Gs1900-16 Firmware

Gs1900-24E Firmware

Gs1900-24 Firmware

Gs1900-24Hp Firmware

Gs1900-48 Firmware

Gs1900-48Hp Firmware

Affected Vendors

Zyxel

References (4)

Exploit https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

Vendor Advisory https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

Exploit https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

Vendor Advisory https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate