Sign-up

ID

VAR-201708-0143


CVE

CVE-2015-7255


TITLE

Embedded devices use non-unique X.509 certificates and SSH host keys

Trust: 0.8

sources: CERT/CC: VU#566724

DESCRIPTION

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;

Trust: 2.97

sources: NVD: CVE-2015-7255 // CERT/CC: VU#566724 // JVNDB: JVNDB-2015-006907 // CNVD: CNVD-2017-33516 // VULHUB: VHN-85216

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33516

AFFECTED PRODUCTS

vendor:ztemodel:mf28gscope:eqversion: -

Trust: 1.6

vendor:ztemodel:hg110scope:eqversion: -

Trust: 1.6

vendor:ztemodel:zxhn h108nscope:eqversion: -

Trust: 1.6

vendor:ztemodel:gan9.8t101a-bscope:eqversion: -

Trust: 1.6

vendor:ztemodel:ox-330pscope:eqversion: -

Trust: 1.6

vendor:ztemodel:w300v1.0.0s zrd tr1 d68scope:eqversion: -

Trust: 1.6

vendor:ztemodel:zxhn h108nscope: - version: -

Trust: 1.2

vendor:actiontecmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:general electricmodel: - scope: - version: -

Trust: 0.8

vendor:huaweimodel: - scope: - version: -

Trust: 0.8

vendor:netcommmodel: - scope: - version: -

Trust: 0.8

vendor:sierramodel: - scope: - version: -

Trust: 0.8

vendor:technicolormodel: - scope: - version: -

Trust: 0.8

vendor:ubiquitimodel: - scope: - version: -

Trust: 0.8

vendor:unifymodel: - scope: - version: -

Trust: 0.8

vendor:ztemodel: - scope: - version: -

Trust: 0.8

vendor:zyxelmodel: - scope: - version: -

Trust: 0.8

vendor:zyxelmodel:c1000zscope: - version: -

Trust: 0.8

vendor:zyxelmodel:fr1000zscope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-24scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-8scope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1100-nscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1100-nhscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1121-niscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1123-acscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1123-niscope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-660hn-51scope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-663hn-51scope: - version: -

Trust: 0.8

vendor:zyxelmodel:p8702nscope: - version: -

Trust: 0.8

vendor:zyxelmodel:pmg5318-b20ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:q1000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:sbg3300-n000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:sbg3300-nb00scope: - version: -

Trust: 0.8

vendor:zyxelmodel:sbg3500-n000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg1312-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg1312-b30ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg1312-b30bscope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg4380-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg8324-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg8924-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg8924-b30ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vsg1435-b101scope: - version: -

Trust: 0.8

vendor:multiple vendorsmodel: - scope: - version: -

Trust: 0.8

vendor:ztemodel:ox-330pscope: - version: -

Trust: 0.6

vendor:ztemodel:w300v1.0.0s zrd tr1 d68scope: - version: -

Trust: 0.6

vendor:ztemodel:hg110scope: - version: -

Trust: 0.6

vendor:ztemodel:gan9.8t101a-bscope: - version: -

Trust: 0.6

vendor:ztemodel:mf28gscope: - version: -

Trust: 0.6

sources: CERT/CC: VU#566724 // CNVD: CNVD-2017-33516 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201708-1334 // NVD: CVE-2015-7255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7255
value: HIGH

Trust: 1.0

NVD: CVE-2015-7255
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33516
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-1334
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85216
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7255
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33516
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85216
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7255
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-33516 // VULHUB: VHN-85216 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201708-1334 // NVD: CVE-2015-7255

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-85216 // NVD: CVE-2015-7255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1334

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-1334

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006907

PATCH
title:Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)url:http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006907

EXTERNAL IDS
db:CERT/CCid:VU#566724
Trust: 3.9
db:NVDid:CVE-2015-7255
Trust: 3.1
db:JVNid:JVNVU96100360
Trust: 0.8
db:JVNDBid:JVNDB-2015-006907
Trust: 0.8
db:CNNVDid:CNNVD-201708-1334
Trust: 0.7
db:CNVDid:CNVD-2017-33516
Trust: 0.6
db:VULHUBid:VHN-85216
Trust: 0.1
sources:
            
            
            CERT/CC: VU#566724 // 
            
            
            
            CNVD: CNVD-2017-33516 // 
            
            
            
            VULHUB: VHN-85216 // 
            
            
            
            JVNDB: JVNDB-2015-006907 // 
            
            
            
            CNNVD: CNNVD-201708-1334 // 
            
            
            
            NVD: CVE-2015-7255

REFERENCES
url:http://www.kb.cert.org/vuls/id/566724
Trust: 3.1
url:https://www.kb.cert.org/vuls/id/bluu-a2nqyr
Trust: 1.7
url:http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
Trust: 1.6
url:https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%e2%9c%93
Trust: 1.6
url:http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Trust: 0.8
url:https://www.sec-consult.com/download/certificates.html
Trust: 0.8
url:https://www.sec-consult.com/download/ssh_host_keys.html
Trust: 0.8
url:https://scans.io/
Trust: 0.8
url:https://scans.io/series/ssh-rsa-full-ipv4
Trust: 0.8
url:https://scans.io/study/sonar.ssl
Trust: 0.8
url:https://censys.io
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96100360/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7256
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-6358
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7255
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7276
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-8251
Trust: 0.8
url:https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%e2%9c%93
Trust: 0.1
sources:
            
            
            CERT/CC: VU#566724 // 
            
            
            
            CNVD: CNVD-2017-33516 // 
            
            
            
            VULHUB: VHN-85216 // 
            
            
            
            JVNDB: JVNDB-2015-006907 // 
            
            
            
            CNNVD: CNNVD-201708-1334 // 
            
            
            
            NVD: CVE-2015-7255

SOURCES
db:CERT/CCid:VU#566724
db:CNVDid:CNVD-2017-33516
db:VULHUBid:VHN-85216
db:JVNDBid:JVNDB-2015-006907
db:CNNVDid:CNNVD-201708-1334
db:NVDid:CVE-2015-7255

LAST UPDATE DATE
2024-11-23T22:25:43.595000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#566724date:2016-09-06T00:00:00
db:CNVDid:CNVD-2017-33516date:2017-11-10T00:00:00
db:VULHUBid:VHN-85216date:2017-09-12T00:00:00
db:JVNDBid:JVNDB-2015-006907date:2018-02-28T00:00:00
db:CNNVDid:CNNVD-201708-1334date:2017-10-09T00:00:00
db:NVDid:CVE-2015-7255date:2024-11-21T02:36:26.760

SOURCES RELEASE DATE
db:CERT/CCid:VU#566724date:2015-11-25T00:00:00
db:CNVDid:CNVD-2017-33516date:2017-11-10T00:00:00
db:VULHUBid:VHN-85216date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2015-006907date:2016-02-29T00:00:00
db:CNNVDid:CNNVD-201708-1334date:2017-08-29T00:00:00
db:NVDid:CVE-2015-7255date:2017-08-29T15:29:00.517