cve-2022-34746
Vulnerability from cvelistv5
Published
2022-09-20 01:50
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | Zyxel GS1900 series firmware |
Version: < V2.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:09.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zyxel GS1900 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V2.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331: Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T01:50:09",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-34746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zyxel GS1900 series firmware",
"version": {
"version_data": [
{
"version_value": "\u003c V2.70"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331: Insufficient Entropy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-34746",
"datePublished": "2022-09-20T01:50:09",
"dateReserved": "2022-06-28T00:00:00",
"dateUpdated": "2024-08-03T09:22:09.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-34746\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2022-09-20T02:15:08.640\",\"lastModified\":\"2024-11-21T07:10:06.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de entrop\u00eda insuficiente causada por el uso inapropiado de fuentes de aleatoriedad con baja entrop\u00eda para la generaci\u00f3n de pares de claves RSA en las versiones de firmware de la serie Zyxel GS1900 versiones anteriores a V2.70. Esta vulnerabilidad podr\u00eda permitir a un atacante no autenticado recuperar una clave privada mediante la factorizaci\u00f3n del m\u00f3dulo N de RSA en el certificado de la interfaz de administraci\u00f3n web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-331\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-331\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahh.3\\\\)c0\",\"matchCriteriaId\":\"9B8C89E9-1F95-41E8-9E03-ACF475F2D2D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D33F50-B5A4-4AEF-972C-7FF089C21D52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahi.3\\\\)c0\",\"matchCriteriaId\":\"309B1AEB-4154-42A1-B892-EC511A3C03F0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27602862-EFB7-402B-994E-254A0B210820\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aazi.3\\\\)c0\",\"matchCriteriaId\":\"6BDB45D9-2EF6-41FC-94A4-FFE7D3105C43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89201505-07AF-4F9C-9304-46F2707DB9B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahj.3\\\\)c0\",\"matchCriteriaId\":\"8FC381F1-041B-4634-9F67-698E29037955\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahl.3\\\\)c0\",\"matchCriteriaId\":\"7B87441A-7C43-4B63-99D5-BA70364F062D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F55299-70D5-4CE1-A1EC-D79B469B94F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahk.3\\\\)c0\",\"matchCriteriaId\":\"A1AF52CD-C62F-41C5-89BB-253A6F5C3624\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(abto.3\\\\)c0\",\"matchCriteriaId\":\"8EEEAB28-5FE5-42E4-88E6-9BCDA03B9420\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B22AA8B1-11E2-408F-A1F6-0F8AF32AB131\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(abtp.3\\\\)c0\",\"matchCriteriaId\":\"1841493A-E849-413B-B39D-77A8E940B138\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"512D9A91-8DA7-47F1-AC77-AF743F99BFF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(aahn.3\\\\)c0\",\"matchCriteriaId\":\"17331D45-94BA-489F-BA8A-53F72026244C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB7D4BF-7D17-48D3-990D-4BADAC8BD868\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.70\\\\(abtq.3\\\\)c0\",\"matchCriteriaId\":\"32A2CB26-844A-41ED-A59A-E67ACD371DCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC74C679-6D22-47E4-AE8A-2647B1AA4276\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.