Details of VAR-201512-0085

ID

VAR-201512-0085

CVE

CVE-2015-6019

TITLE

ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#870744

DESCRIPTION

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. In addition, National Vulnerability Database (NVD) Then CWE-330 , JVNVU#97093739 Then CWE-613 It is published as CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.html CWE-613: Insufficient Session Expiration http://cwe.mitre.org/data/definitions/613.htmlAccess restrictions may be avoided by using an unattended workstation by a third party. The ZyXEL PMG5318-B20A is a wireless switch from ZyXEL Technology. A security vulnerability exists in the ZyXEL PMG5318-B20A with firmware version V100AANC0b5. A remote attacker can use the vulnerability information to gain access to the device. Multiple ZyXEL Routers are prone to following security vulnerabilities: 1. An insecure default-password vulnerability 2. Multiple cross-site scripting vulnerabilities 3. A command-execution vulnerability 4. A security-bypass vulnerability 5. An authorization-bypass Successful exploits allow attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing attackers to steal cookie-based authentication credentials, execute arbitrary commands, to gain unauthorized access and bypass security restrictions and perform unauthorized actions

Trust: 3.24

sources: NVD: CVE-2015-6019 // CERT/CC: VU#870744 // JVNDB: JVNDB-2015-006596 // CNVD: CNVD-2015-06874 // BID: 77077 // VULHUB: VHN-83980

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06874

AFFECTED PRODUCTS

vendor:	zyxel	model:	pmg5318-b20a	scope:	eq	version:	v100aanc0b5	Trust: 1.6
vendor:	zyxel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	pmg5318-b20a	scope:	eq	version:	1.00aanc0b5	Trust: 0.8
vendor:	zyxel	model:	pmg5318-b20a	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	pmg5318-b20a v100aanc0b5	scope:	-	version:	-	Trust: 0.3
vendor:	zyxel	model:	p-660hw-t1 3.40	scope:	eq	version:	v2	Trust: 0.3
vendor:	zyxel	model:	nbg-418n	scope:	eq	version:	0	Trust: 0.3
vendor:	zyxel	model:	pmg5318-b20a 1.00 c0	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06874 // BID: 77077 // JVNDB: JVNDB-2015-006596 // CNNVD: CNNVD-201510-346 // NVD: CVE-2015-6019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6019
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6019
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06874
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201510-346
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83980
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6019
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06874
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-83980
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6019
baseSeverity:	HIGH
baseScore:	8.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	4.7
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2015-06874 // VULHUB: VHN-83980 // JVNDB: JVNDB-2015-006596 // CNNVD: CNNVD-201510-346 // NVD: CVE-2015-6019

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-006596 // NVD: CVE-2015-6019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-346

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201510-346

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006596

PATCH

title:	PMG5318-B20A	url:	http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01700&md=PMG5318-B20A	Trust: 0.8
title:	ZyXEL Support Center - Latest Release	url:	http://www.zyxel.com/support/support_landing.shtml	Trust: 0.8
title:	ZyXEL PMG5318-B20A Session Expiration Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/65623	Trust: 0.6

sources: CNVD: CNVD-2015-06874 // JVNDB: JVNDB-2015-006596

EXTERNAL IDS

db:	CERT/CC	id:	VU#870744	Trust: 4.2
db:	NVD	id:	CVE-2015-6019	Trust: 3.4
db:	SECTRACK	id:	1034553	Trust: 1.1
db:	JVN	id:	JVNVU97093739	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006596	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-346	Trust: 0.7
db:	CNVD	id:	CNVD-2015-06874	Trust: 0.6
db:	BID	id:	77077	Trust: 0.3
db:	VULHUB	id:	VHN-83980	Trust: 0.1

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06874 // VULHUB: VHN-83980 // BID: 77077 // JVNDB: JVNDB-2015-006596 // CNNVD: CNNVD-201510-346 // NVD: CVE-2015-6019

REFERENCES

url:	https://www.kb.cert.org/vuls/id/870744	Trust: 3.4
url:	https://www.kb.cert.org/vuls/id/bluu-9zqu2r	Trust: 1.9
url:	http://www.zyxel.com/support/support_landing.shtml	Trust: 1.5
url:	http://www.securitytracker.com/id/1034553	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6019	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97093739/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6019	Trust: 0.8
url:	http://www.zyxel.com/th/th/	Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06874 // VULHUB: VHN-83980 // BID: 77077 // JVNDB: JVNDB-2015-006596 // CNNVD: CNNVD-201510-346 // NVD: CVE-2015-6019

CREDITS

Joel Land and Karn Ganeshen

Trust: 0.3

sources: BID: 77077

SOURCES

db:	CERT/CC	id:	VU#870744
db:	CNVD	id:	CNVD-2015-06874
db:	VULHUB	id:	VHN-83980
db:	BID	id:	77077
db:	JVNDB	id:	JVNDB-2015-006596
db:	CNNVD	id:	CNNVD-201510-346
db:	NVD	id:	CVE-2015-6019

LAST UPDATE DATE

2024-11-23T22:31:02.294000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#870744	date:	2015-10-29T00:00:00
db:	CNVD	id:	CNVD-2015-06874	date:	2015-10-28T00:00:00
db:	VULHUB	id:	VHN-83980	date:	2016-12-07T00:00:00
db:	BID	id:	77077	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006596	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201510-346	date:	2016-01-04T00:00:00
db:	NVD	id:	CVE-2015-6019	date:	2024-11-21T02:34:18.537

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#870744	date:	2015-10-13T00:00:00
db:	CNVD	id:	CNVD-2015-06874	date:	2015-10-27T00:00:00
db:	VULHUB	id:	VHN-83980	date:	2015-12-31T00:00:00
db:	BID	id:	77077	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006596	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201510-346	date:	2015-10-21T00:00:00
db:	NVD	id:	CVE-2015-6019	date:	2015-12-31T05:59:17.727