CVE-2019-15803
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
Se descubrió un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versión 2.50 (AAHH.0) C0. A través de una secuencia indocumentada de pulsaciones de teclas, se activa la funcionalidad no documentada. Se activa un shell de diagnóstico a través de CTRL-ALT-t, que solicita la contraseña devuelta por fds_sys_passDebugPasswd_ret (). El firmware contiene comprobaciones de control de acceso que determinan si los usuarios remotos pueden acceder a esta funcionalidad. La función que realiza esta comprobación (fds_sys_remoteDebugEnable_ret en libfds.so) siempre devuelve VERDADERO sin realizar comprobaciones reales. El menú de diagnóstico permite leer / escribir registros arbitrarios y varios otros parámetros de configuración que se cree que están relacionados con los chips de la interfaz de red.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-29 CVE Reserved
- 2019-11-14 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | Gs1900-8 Firmware Search vendor "Zyxel" for product "Gs1900-8 Firmware" | < 2.50\(aahh.0\)c0 Search vendor "Zyxel" for product "Gs1900-8 Firmware" and version " < 2.50\(aahh.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-8 Search vendor "Zyxel" for product "Gs1900-8" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-8hp Firmware Search vendor "Zyxel" for product "Gs1900-8hp Firmware" | < 2.50\(aahi.0\)c0 Search vendor "Zyxel" for product "Gs1900-8hp Firmware" and version " < 2.50\(aahi.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-8hp Search vendor "Zyxel" for product "Gs1900-8hp" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-10hp Firmware Search vendor "Zyxel" for product "Gs1900-10hp Firmware" | < 2.50\(aazi.0\)c0 Search vendor "Zyxel" for product "Gs1900-10hp Firmware" and version " < 2.50\(aazi.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-10hp Search vendor "Zyxel" for product "Gs1900-10hp" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-16 Firmware Search vendor "Zyxel" for product "Gs1900-16 Firmware" | < 2.50\(aahj.0\)c0 Search vendor "Zyxel" for product "Gs1900-16 Firmware" and version " < 2.50\(aahj.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-16 Search vendor "Zyxel" for product "Gs1900-16" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-24e Firmware Search vendor "Zyxel" for product "Gs1900-24e Firmware" | < 2.50\(aahk.0\)c0 Search vendor "Zyxel" for product "Gs1900-24e Firmware" and version " < 2.50\(aahk.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-24e Search vendor "Zyxel" for product "Gs1900-24e" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-24 Firmware Search vendor "Zyxel" for product "Gs1900-24 Firmware" | < 2.50\(aahl.0\)c0 Search vendor "Zyxel" for product "Gs1900-24 Firmware" and version " < 2.50\(aahl.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-24 Search vendor "Zyxel" for product "Gs1900-24" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-24hp Firmware Search vendor "Zyxel" for product "Gs1900-24hp Firmware" | < 2.50\(aahm.0\)c0 Search vendor "Zyxel" for product "Gs1900-24hp Firmware" and version " < 2.50\(aahm.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-24hp Search vendor "Zyxel" for product "Gs1900-24hp" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-48 Firmware Search vendor "Zyxel" for product "Gs1900-48 Firmware" | < 2.50\(aahn.0\)c0 Search vendor "Zyxel" for product "Gs1900-48 Firmware" and version " < 2.50\(aahn.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-48 Search vendor "Zyxel" for product "Gs1900-48" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Gs1900-48hp Firmware Search vendor "Zyxel" for product "Gs1900-48hp Firmware" | < 2.50\(aaho.0\)c0 Search vendor "Zyxel" for product "Gs1900-48hp Firmware" and version " < 2.50\(aaho.0\)c0" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Gs1900-48hp Search vendor "Zyxel" for product "Gs1900-48hp" | - | - |
Safe
|