Vulnerabilities > CVE-2019-15804 - Unspecified vulnerability in Zyxel products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

zyxel

NVD

Published: 2019-11-14

Updated: 2020-08-24

Summary

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Gs1900 8 Firmware - Zyxel Gs1900 8 Firmware 2.40 Zyxel Gs1900 8HP Firmware - Zyxel Gs1900 8HP Firmware 2.40 Zyxel Gs1900 10Hp Firmware - Zyxel Gs1900 10Hp Firmware 2.40 Zyxel Gs1900 16 Firmware - Zyxel Gs1900 16 Firmware 2.40 Zyxel Gs1900 24E Firmware - Zyxel Gs1900 24E Firmware 2.40 Zyxel Gs1900 24 Firmware - Zyxel Gs1900 24 Firmware 2.40 Zyxel Gs1900 24Hp Firmware - Zyxel Gs1900 24Hp Firmware 2.40 Zyxel Gs1900 48 Firmware - Zyxel Gs1900 48 Firmware 2.40 Zyxel Gs1900 48Hp Firmware - Zyxel Gs1900 48Hp Firmware 2.40	18
Hardware	Zyxel Zyxel Gs1900 8 - Zyxel Gs1900 8HP - Zyxel Gs1900 10Hp - Zyxel Gs1900 16 - Zyxel Gs1900 24E - Zyxel Gs1900 24 - Zyxel Gs1900 24Hp - Zyxel Gs1900 48 - Zyxel Gs1900 48Hp -	9

Summary

Vulnerable Configurations

References