CVE Vulnerability

CVE-2019-15803

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml Vendor Advisory
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-11-14 09:15

Updated : 2020-08-24 05:37

NVD link : CVE-2019-15803

Mitre link : CVE-2019-15803

Products Affected

Gs1900-8hp Firmware

Zyxel

CWE
CWE-287