// For flags

CVE-2019-15803

 

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.

Se descubrió un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versión 2.50 (AAHH.0) C0. A través de una secuencia indocumentada de pulsaciones de teclas, se activa la funcionalidad no documentada. Se activa un shell de diagnóstico a través de CTRL-ALT-t, que solicita la contraseña devuelta por fds_sys_passDebugPasswd_ret (). El firmware contiene comprobaciones de control de acceso que determinan si los usuarios remotos pueden acceder a esta funcionalidad. La función que realiza esta comprobación (fds_sys_remoteDebugEnable_ret en libfds.so) siempre devuelve VERDADERO sin realizar comprobaciones reales. El menú de diagnóstico permite leer / escribir registros arbitrarios y varios otros parámetros de configuración que se cree que están relacionados con los chips de la interfaz de red.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-08-29 CVE Reserved
  • 2019-11-14 CVE Published
  • 2023-12-24 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zyxel
Search vendor "Zyxel"
Gs1900-8 Firmware
Search vendor "Zyxel" for product "Gs1900-8 Firmware"
< 2.50\(aahh.0\)c0
Search vendor "Zyxel" for product "Gs1900-8 Firmware" and version " < 2.50\(aahh.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-8
Search vendor "Zyxel" for product "Gs1900-8"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-8hp Firmware
Search vendor "Zyxel" for product "Gs1900-8hp Firmware"
< 2.50\(aahi.0\)c0
Search vendor "Zyxel" for product "Gs1900-8hp Firmware" and version " < 2.50\(aahi.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-8hp
Search vendor "Zyxel" for product "Gs1900-8hp"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-10hp Firmware
Search vendor "Zyxel" for product "Gs1900-10hp Firmware"
< 2.50\(aazi.0\)c0
Search vendor "Zyxel" for product "Gs1900-10hp Firmware" and version " < 2.50\(aazi.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-10hp
Search vendor "Zyxel" for product "Gs1900-10hp"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-16 Firmware
Search vendor "Zyxel" for product "Gs1900-16 Firmware"
< 2.50\(aahj.0\)c0
Search vendor "Zyxel" for product "Gs1900-16 Firmware" and version " < 2.50\(aahj.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-16
Search vendor "Zyxel" for product "Gs1900-16"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-24e Firmware
Search vendor "Zyxel" for product "Gs1900-24e Firmware"
< 2.50\(aahk.0\)c0
Search vendor "Zyxel" for product "Gs1900-24e Firmware" and version " < 2.50\(aahk.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-24e
Search vendor "Zyxel" for product "Gs1900-24e"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-24 Firmware
Search vendor "Zyxel" for product "Gs1900-24 Firmware"
< 2.50\(aahl.0\)c0
Search vendor "Zyxel" for product "Gs1900-24 Firmware" and version " < 2.50\(aahl.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-24
Search vendor "Zyxel" for product "Gs1900-24"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-24hp Firmware
Search vendor "Zyxel" for product "Gs1900-24hp Firmware"
< 2.50\(aahm.0\)c0
Search vendor "Zyxel" for product "Gs1900-24hp Firmware" and version " < 2.50\(aahm.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-24hp
Search vendor "Zyxel" for product "Gs1900-24hp"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-48 Firmware
Search vendor "Zyxel" for product "Gs1900-48 Firmware"
< 2.50\(aahn.0\)c0
Search vendor "Zyxel" for product "Gs1900-48 Firmware" and version " < 2.50\(aahn.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-48
Search vendor "Zyxel" for product "Gs1900-48"
--
Safe
Zyxel
Search vendor "Zyxel"
Gs1900-48hp Firmware
Search vendor "Zyxel" for product "Gs1900-48hp Firmware"
< 2.50\(aaho.0\)c0
Search vendor "Zyxel" for product "Gs1900-48hp Firmware" and version " < 2.50\(aaho.0\)c0"
-
Affected
in Zyxel
Search vendor "Zyxel"
Gs1900-48hp
Search vendor "Zyxel" for product "Gs1900-48hp"
--
Safe