ID

VAR-201904-1089


CVE

CVE-2019-10630


TITLE

Zyxel NAS 326 vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-003299

DESCRIPTION

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows a user with elevated privileges to obtain the admin password of the device. The Zyxel NAS 326 contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The Zyxel NAS 326 is a dual-disk personal cloud storage NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. There is a trust management vulnerability in ZyXEL NAS 326 5.21 and earlier versions, which originates from the lack of an effective trust management mechanism in the network system or product. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 2.25

sources: NVD: CVE-2019-10630 // JVNDB: JVNDB-2019-003299 // CNVD: CNVD-2019-13779 // VULHUB: VHN-142196

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13779

AFFECTED PRODUCTS

vendor: zyxel, model: nas326, scope: lte, version: 5.21

Trust: 1.0

vendor: zyxel, model: nas 326, scope: lte, version: 5.21

Trust: 0.8

vendor: zyxel, model: nas, scope: eq, version: 326<=5.21

Trust: 0.6

sources: CNVD: CNVD-2019-13779 // JVNDB: JVNDB-2019-003299 // NVD: CVE-2019-10630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10630
value: HIGH

Trust: 1.0

NVD: CVE-2019-10630
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-13779
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-493
value: HIGH

Trust: 0.6

VULHUB: VHN-142196
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10630
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13779
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142196
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10630
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13779 // VULHUB: VHN-142196 // JVNDB: JVNDB-2019-003299 // CNNVD: CNNVD-201904-493 // NVD: CVE-2019-10630

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-142196 // JVNDB: JVNDB-2019-003299 // NVD: CVE-2019-10630

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-493

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-493

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003299

PATCH

title: NAS326, url: https://www.zyxel.com/products_services/2-Bay-Personal-Cloud-Storage-NAS326/

Trust: 0.8

sources: JVNDB: JVNDB-2019-003299

EXTERNAL IDS

db: NVD, id: CVE-2019-10630

Trust: 3.1

db: JVNDB, id: JVNDB-2019-003299

Trust: 0.8

db: CNNVD, id: CNNVD-201904-493

Trust: 0.7

db: CNVD, id: CNVD-2019-13779

Trust: 0.6

db: VULHUB, id: VHN-142196

Trust: 0.1

sources: CNVD: CNVD-2019-13779 // VULHUB: VHN-142196 // JVNDB: JVNDB-2019-003299 // CNNVD: CNNVD-201904-493 // NVD: CVE-2019-10630

REFERENCES

url:http://maxwelldulin.com/blogpost?post=3236967424

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10630

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10630

Trust: 0.8

sources: CNVD: CNVD-2019-13779 // VULHUB: VHN-142196 // JVNDB: JVNDB-2019-003299 // CNNVD: CNNVD-201904-493 // NVD: CVE-2019-10630

SOURCES

db: CNVD, id: CNVD-2019-13779
db: VULHUB, id: VHN-142196
db: JVNDB, id: JVNDB-2019-003299
db: CNNVD, id: CNNVD-201904-493
db: NVD, id: CVE-2019-10630

LAST UPDATE DATE

2024-11-23T22:06:13.278000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-13779, date: 2019-06-19T00:00:00
db: VULHUB, id: VHN-142196, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-003299, date: 2019-05-14T00:00:00
db: CNNVD, id: CNNVD-201904-493, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-10630, date: 2024-11-21T04:19:37.630

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-13779, date: 2019-05-13T00:00:00
db: VULHUB, id: VHN-142196, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003299, date: 2019-05-14T00:00:00
db: CNNVD, id: CNNVD-201904-493, date: 2019-04-09T00:00:00
db: NVD, id: CVE-2019-10630, date: 2019-04-09T05:29:00.230