var-201911-1315
Vulnerability from variot
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
}
]
},
"cve": "CVE-2019-15803",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15803",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41669",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15803",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15803",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15803",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15803",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-41669",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-995",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15803",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41669",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"id": "VAR-201911-1315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
]
},
"last_update_date": "2024-11-23T21:59:37.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41669)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191507"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103377"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15803"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15803"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"date": "2019-11-14T21:15:11.890000",
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"date": "2024-11-21T04:29:29.943000",
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to input validation in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.