CVE-2015-6019
https://notcve.org/view.php?id=CVE-2015-6019
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. El portal de gestión en dispositivos ZyXEL PMG5318-B20A con firmware 1.00AANC0b5 no finaliza sesión sobre una acción de cierre de sesión, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando una estación de trabajo sin supervisión. • http://www.securitytracker.com/id/1034553 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R •
CVE-2015-6020
https://notcve.org/view.php?id=CVE-2015-6020
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. Dispositivos ZyXEL PMG5318-B20A con firmware 1.00AANC0b5 permiten a usuarios remotos autenticados obtener privilegios administrativos aprovechando el acceso a la cuenta de usuario. • http://www.securitytracker.com/id/1034553 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-6016
https://notcve.org/view.php?id=CVE-2015-6016
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. Dispositivos ZyXEL P-660HW-T1 2 con firmware ZyNOS 3.40(AXH.0), dispositivos PMG5318-B20A con firmware 1.00AANC0b5 y dispositivos NBG-418N tienen una contraseña por defecto de 1234 para la cuenta de admin, lo que permite a atacantes remotos obtener acceso administrativo a través de vectores no especificados. • http://www.securitytracker.com/id/1034552 http://www.securitytracker.com/id/1034553 http://www.securitytracker.com/id/1034554 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-255: Credentials Management Errors •
CVE-2015-6018 – ZYXEL PMG5318-B20A - OS Command Injection
https://notcve.org/view.php?id=CVE-2015-6018
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. La implementación de diagnostic-ping en dispositivos ZyXEL PMG5318-B20A con firmware anterior a 1.00(AANC.2)C0 permite a atacantes remotos ejecutar comandos arbitrarios a través del parámetro PingIPAddr. ZyXEL PMG5318-B20A suffers from a command injection vulnerability via the ping function. • https://www.exploit-db.com/exploits/38455 http://www.securitytracker.com/id/1034553 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-264: Permissions, Privileges, and Access Controls •