Sign-up

ID

VAR-201911-1315


CVE

CVE-2019-15803


TITLE

Zyxel GS1900 Vulnerability related to input validation in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-012185

DESCRIPTION

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features

Trust: 2.16

sources: NVD: CVE-2019-15803 // JVNDB: JVNDB-2019-012185 // CNVD: CNVD-2019-41669

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41669

AFFECTED PRODUCTS

vendor:zyxelmodel:gs1900-24escope:ltversion:2.50\(aahk.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-24scope:ltversion:2.50\(aahl.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-24hpscope:ltversion:2.50\(aahm.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-10hpscope:ltversion:2.50\(aazi.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-16scope:ltversion:2.50\(aahj.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-48hpscope:ltversion:2.50\(aaho.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-8scope:ltversion:2.50\(aahh.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-8hpscope:ltversion:2.50\(aahi.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-48scope:ltversion:2.50\(aahn.0\)c0

Trust: 1.0

vendor:zyxelmodel:gs1900-10hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-16scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-24scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-24escope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-24hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-48scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-48hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-8scope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900-8hpscope:ltversion:2.50(aahh.0)c0

Trust: 0.8

vendor:zyxelmodel:gs1900 <2.50 c0scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-41669 // JVNDB: JVNDB-2019-012185 // NVD: CVE-2019-15803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15803
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15803
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-41669
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-995
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15803
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41669
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15803
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-15803
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41669 // JVNDB: JVNDB-2019-012185 // CNNVD: CNNVD-201911-995 // NVD: CVE-2019-15803

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-012185 // NVD: CVE-2019-15803

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-995

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-995

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012185

PATCH
title:Zyxel security advisory for GS1900 switch vulnerabilitiesurl:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml
Trust: 0.8
title:Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41669)url:https://www.cnvd.org.cn/patchInfo/show/191507
Trust: 0.6
title:ZyXEL GS1900 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103377
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41669 // 
            
            
            
            JVNDB: JVNDB-2019-012185 // 
            
            
            
            CNNVD: CNNVD-201911-995

EXTERNAL IDS
db:NVDid:CVE-2019-15803
Trust: 3.0
db:JVNDBid:JVNDB-2019-012185
Trust: 0.8
db:CNVDid:CNVD-2019-41669
Trust: 0.6
db:CNNVDid:CNNVD-201911-995
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41669 // 
            
            
            
            JVNDB: JVNDB-2019-012185 // 
            
            
            
            CNNVD: CNNVD-201911-995 // 
            
            
            
            NVD: CVE-2019-15803

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-15803
Trust: 2.0
url:https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html
Trust: 1.6
url:https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15803
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-41669 // 
            
            
            
            JVNDB: JVNDB-2019-012185 // 
            
            
            
            CNNVD: CNNVD-201911-995 // 
            
            
            
            NVD: CVE-2019-15803

SOURCES
db:CNVDid:CNVD-2019-41669
db:JVNDBid:JVNDB-2019-012185
db:CNNVDid:CNNVD-201911-995
db:NVDid:CVE-2019-15803

LAST UPDATE DATE
2024-11-23T21:59:37.896000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41669date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012185date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-995date:2020-09-02T00:00:00
db:NVDid:CVE-2019-15803date:2024-11-21T04:29:29.943

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-41669date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2019-012185date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-995date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15803date:2019-11-14T21:15:11.890