Details of VAR-201512-0086

ID

VAR-201512-0086

CVE

CVE-2015-6020

TITLE

ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#870744

DESCRIPTION

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. ZyXEL PMG5318-B20A There is a vulnerability in the device firmware that can gain administrator privileges. The ZyXEL PMG5318-B20A is a wireless switch from ZyXEL Technology. A remote attacker could exploit this vulnerability to modify the system configuration. Multiple ZyXEL Routers are prone to following security vulnerabilities: 1. An insecure default-password vulnerability 2. Multiple cross-site scripting vulnerabilities 3. A command-execution vulnerability 4. A security-bypass vulnerability 5. An authorization-bypass Successful exploits allow attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing attackers to steal cookie-based authentication credentials, execute arbitrary commands, to gain unauthorized access and bypass security restrictions and perform unauthorized actions

Trust: 3.24

sources: NVD: CVE-2015-6020 // CERT/CC: VU#870744 // JVNDB: JVNDB-2015-006597 // CNVD: CNVD-2015-06873 // BID: 77077 // VULHUB: VHN-83981

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06873

AFFECTED PRODUCTS

vendor:	zyxel	model:	pmg5318-b20a	scope:	eq	version:	v100aanc0b5	Trust: 1.6
vendor:	zyxel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	pmg5318-b20a	scope:	eq	version:	1.00aanc0b5	Trust: 0.8
vendor:	zyxel	model:	pmg5318-b20a	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	pmg5318-b20a v100aanc0b5	scope:	-	version:	-	Trust: 0.3
vendor:	zyxel	model:	p-660hw-t1 3.40	scope:	eq	version:	v2	Trust: 0.3
vendor:	zyxel	model:	nbg-418n	scope:	eq	version:	0	Trust: 0.3
vendor:	zyxel	model:	pmg5318-b20a 1.00 c0	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06873 // BID: 77077 // JVNDB: JVNDB-2015-006597 // CNNVD: CNNVD-201510-345 // NVD: CVE-2015-6020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6020
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6020
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-06873
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201510-345
value:	HIGH
Trust: 0.6
VULHUB:	VHN-83981
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6020
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06873
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-83981
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6020
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2015-06873 // VULHUB: VHN-83981 // JVNDB: JVNDB-2015-006597 // CNNVD: CNNVD-201510-345 // NVD: CVE-2015-6020

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-83981 // JVNDB: JVNDB-2015-006597 // NVD: CVE-2015-6020

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201510-345

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006597

PATCH

title:	PMG5318-B20A	url:	http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01700&md=PMG5318-B20A	Trust: 0.8
title:	ZyXEL Support Center - Latest Release	url:	http://www.zyxel.com/support/support_landing.shtml	Trust: 0.8
title:	ZyXEL PMG5318-B20A patch for incorrect authorization vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/65624	Trust: 0.6
title:	ZyXEL PMG5318-B20A Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58193	Trust: 0.6

sources: CNVD: CNVD-2015-06873 // JVNDB: JVNDB-2015-006597 // CNNVD: CNNVD-201510-345

EXTERNAL IDS

db:	CERT/CC	id:	VU#870744	Trust: 4.2
db:	NVD	id:	CVE-2015-6020	Trust: 3.4
db:	SECTRACK	id:	1034553	Trust: 1.1
db:	JVN	id:	JVNVU97093739	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006597	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-345	Trust: 0.7
db:	CNVD	id:	CNVD-2015-06873	Trust: 0.6
db:	BID	id:	77077	Trust: 0.3
db:	VULHUB	id:	VHN-83981	Trust: 0.1

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06873 // VULHUB: VHN-83981 // BID: 77077 // JVNDB: JVNDB-2015-006597 // CNNVD: CNNVD-201510-345 // NVD: CVE-2015-6020

REFERENCES

url:	https://www.kb.cert.org/vuls/id/870744	Trust: 3.4
url:	https://www.kb.cert.org/vuls/id/bluu-9zqu2r	Trust: 1.9
url:	http://www.zyxel.com/support/support_landing.shtml	Trust: 1.5
url:	http://www.securitytracker.com/id/1034553	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6020	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97093739/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6020	Trust: 0.8
url:	http://www.zyxel.com/th/th/	Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06873 // VULHUB: VHN-83981 // BID: 77077 // JVNDB: JVNDB-2015-006597 // CNNVD: CNNVD-201510-345 // NVD: CVE-2015-6020

CREDITS

Joel Land and Karn Ganeshen

Trust: 0.3

sources: BID: 77077

SOURCES

db:	CERT/CC	id:	VU#870744
db:	CNVD	id:	CNVD-2015-06873
db:	VULHUB	id:	VHN-83981
db:	BID	id:	77077
db:	JVNDB	id:	JVNDB-2015-006597
db:	CNNVD	id:	CNNVD-201510-345
db:	NVD	id:	CVE-2015-6020

LAST UPDATE DATE

2024-11-23T22:31:02.210000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#870744	date:	2015-10-29T00:00:00
db:	CNVD	id:	CNVD-2015-06873	date:	2015-10-28T00:00:00
db:	VULHUB	id:	VHN-83981	date:	2016-12-07T00:00:00
db:	BID	id:	77077	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006597	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201510-345	date:	2016-01-04T00:00:00
db:	NVD	id:	CVE-2015-6020	date:	2024-11-21T02:34:18.660

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#870744	date:	2015-10-13T00:00:00
db:	CNVD	id:	CNVD-2015-06873	date:	2015-10-27T00:00:00
db:	VULHUB	id:	VHN-83981	date:	2015-12-31T00:00:00
db:	BID	id:	77077	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006597	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201510-345	date:	2015-10-21T00:00:00
db:	NVD	id:	CVE-2015-6020	date:	2015-12-31T05:59:18.617