ID

VAR-201910-1281


CVE

CVE-2019-17354


TITLE

Zyxel NBG-418N v2 firmware vulnerability related to authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-010637

DESCRIPTION

The wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. The Zyxel NBG-418N v2 firmware contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ZyXEL NBG-418N v2 is a wireless router from China's ZyXEL. The wan.htm page in Zyxel NBG-418N v2 using V1.00(AARP.9)C0 firmware has an authorization issue vulnerability. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. No detailed vulnerability information is currently available.

Trust: 2.25

sources: NVD: CVE-2019-17354 // JVNDB: JVNDB-2019-010637 // CNVD: CNVD-2020-28446 // VULHUB: VHN-149592

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28446

AFFECTED PRODUCTS

vendor: zyxel, model: nbg-418n v2, scope: eq, version: 1.00\(aarp.9\)c0

Trust: 1.0

vendor: zyxel, model: nbg-418n, scope: eq, version: 1.00(aarp.9)c0

Trust: 0.8

vendor: zyxel, model: nbg-418n v1.00 c0, scope: eq, version: v2

Trust: 0.6

sources: CNVD: CNVD-2020-28446 // JVNDB: JVNDB-2019-010637 // NVD: CVE-2019-17354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17354
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-17354
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-28446
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-506
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149592
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-17354
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-28446
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-149592
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-17354
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-17354
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28446 // VULHUB: VHN-149592 // JVNDB: JVNDB-2019-010637 // CNNVD: CNNVD-201910-506 // NVD: CVE-2019-17354

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.1

problemtype: CWE-287

Trust: 0.9

sources: VULHUB: VHN-149592 // JVNDB: JVNDB-2019-010637 // NVD: CVE-2019-17354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-506

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-506

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010637

PATCH

title: NBG-418N v2, url: https://www.zyxel.com/us/en/support/DownloadLandingSR.shtml?c=us&l=en&kbid=M-02059&md=NBG-418N%20v2#searchZyxelTab1

Trust: 0.8

sources: JVNDB: JVNDB-2019-010637

EXTERNAL IDS

db: NVD, id: CVE-2019-17354

Trust: 3.1

db: JVNDB, id: JVNDB-2019-010637

Trust: 0.8

db: CNVD, id: CNVD-2020-28446

Trust: 0.7

db: CNNVD, id: CNNVD-201910-506

Trust: 0.7

db: VULHUB, id: VHN-149592

Trust: 0.1

sources: CNVD: CNVD-2020-28446 // VULHUB: VHN-149592 // JVNDB: JVNDB-2019-010637 // CNNVD: CNNVD-201910-506 // NVD: CVE-2019-17354

REFERENCES

url: https://github.com/d0x0/zyxel-nbg-418n-v2/blob/master/cve-2019-17354

Trust: 2.5

url: https://www.zyxel.com/us/en/

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-17354

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17354

Trust: 0.8

sources: VULHUB: VHN-149592 // JVNDB: JVNDB-2019-010637 // CNNVD: CNNVD-201910-506 // NVD: CVE-2019-17354

SOURCES

db: CNVD, id: CNVD-2020-28446
db: VULHUB, id: VHN-149592
db: JVNDB, id: JVNDB-2019-010637
db: CNNVD, id: CNNVD-201910-506
db: NVD, id: CVE-2019-17354

LAST UPDATE DATE

2024-11-23T22:41:18.844000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-28446, date: 2020-05-15T00:00:00
db: VULHUB, id: VHN-149592, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-010637, date: 2019-10-18T00:00:00
db: CNNVD, id: CNNVD-201910-506, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-17354, date: 2024-11-21T04:32:09.397

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-28446, date: 2020-05-15T00:00:00
db: VULHUB, id: VHN-149592, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010637, date: 2019-10-18T00:00:00
db: CNNVD, id: CNNVD-201910-506, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-17354, date: 2019-10-09T12:15:10.547