CVE-2019-15800
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
Se descubrió un problema en los dispositivos Zyxel GS1900 con firmware anterior a 2.50 (AAHH.0) C0. Debido a la falta de validación de entrada en las funciones cmd_sys_traceroute_exec (), cmd_sys_arp_clear () y cmd_sys_ping_exec () en la biblioteca libclicmd.so contenida en el firmware, un atacante podría aprovechar estas funciones para llamar al sistema () y ejecutar comandos arbitrarios en los conmutadores . (Tenga en cuenta que estas funciones no se invocan actualmente en esta versión del firmware, sin embargo, un atacante podría usar otras vulnerabilidades para finalmente usar estas vulnerabilidades para obtener la ejecución del código).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-29 CVE Reserved
- 2019-11-14 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | Gs1900-8 Firmware Search vendor "Zyxel" for product "Gs1900-8 Firmware" | < 2.50\(aahh.0\)c0 Search vendor "Zyxel" for product "Gs1900-8 Firmware" and version " < 2.50\(aahh.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-8 Search vendor "Zyxel" for product "Gs1900-8" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-8hp Firmware Search vendor "Zyxel" for product "Gs1900-8hp Firmware" | < 2.50\(aahi.0\)c0 Search vendor "Zyxel" for product "Gs1900-8hp Firmware" and version " < 2.50\(aahi.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-8hp Search vendor "Zyxel" for product "Gs1900-8hp" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-10hp Firmware Search vendor "Zyxel" for product "Gs1900-10hp Firmware" | < 2.50\(aazi.0\)c0 Search vendor "Zyxel" for product "Gs1900-10hp Firmware" and version " < 2.50\(aazi.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-10hp Search vendor "Zyxel" for product "Gs1900-10hp" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-16 Firmware Search vendor "Zyxel" for product "Gs1900-16 Firmware" | < 2.50\(aahj.0\)c0 Search vendor "Zyxel" for product "Gs1900-16 Firmware" and version " < 2.50\(aahj.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-16 Search vendor "Zyxel" for product "Gs1900-16" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-24e Firmware Search vendor "Zyxel" for product "Gs1900-24e Firmware" | < 2.50\(aahk.0\)c0 Search vendor "Zyxel" for product "Gs1900-24e Firmware" and version " < 2.50\(aahk.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-24e Search vendor "Zyxel" for product "Gs1900-24e" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-24 Firmware Search vendor "Zyxel" for product "Gs1900-24 Firmware" | < 2.50\(aahl.0\)c0 Search vendor "Zyxel" for product "Gs1900-24 Firmware" and version " < 2.50\(aahl.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-24 Search vendor "Zyxel" for product "Gs1900-24" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-24hp Firmware Search vendor "Zyxel" for product "Gs1900-24hp Firmware" | < 2.50\(aahm.0\)c0 Search vendor "Zyxel" for product "Gs1900-24hp Firmware" and version " < 2.50\(aahm.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-24hp Search vendor "Zyxel" for product "Gs1900-24hp" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-48 Firmware Search vendor "Zyxel" for product "Gs1900-48 Firmware" | < 2.50\(aahn.0\)c0 Search vendor "Zyxel" for product "Gs1900-48 Firmware" and version " < 2.50\(aahn.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-48 Search vendor "Zyxel" for product "Gs1900-48" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-48hp Firmware Search vendor "Zyxel" for product "Gs1900-48hp Firmware" | < 2.50\(aaho.0\)c0 Search vendor "Zyxel" for product "Gs1900-48hp Firmware" and version " < 2.50\(aaho.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-48hp Search vendor "Zyxel" for product "Gs1900-48hp" | - | - |
Safe
|