CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 1CVE-2019-15802
https://notcve.org/view.php?id=CVE-2019-15802
14 Nov 2019 — An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware... • https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 1CVE-2019-15803
https://notcve.org/view.php?id=CVE-2019-15803
14 Nov 2019 — An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return T... • https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2019-15804
https://notcve.org/view.php?id=CVE-2019-15804
14 Nov 2019 — An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. • https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html •
CVSS: 5.9EPSS: 0%CPEs: 50EXPL: 0CVE-2015-7256
https://notcve.org/view.php?id=CVE-2015-7256
27 Sep 2017 — ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Los puntos de acceso ZyXEL NWA1100-N, NWA1100-NH, ... • http://www.kb.cert.org/vuls/id/566724 • CWE-310: Cryptographic Issues •