CVE-2019-15802 : An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.

Published 2019-11-14 21:15:12

Updated 2019-11-22 19:11:12

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-15802

Zyxel » Gs1900-8 Firmware
Versions before (<) 2.50\(aahh.0\)c0
cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-8 » Version: N/A
Zyxel » Gs1900-24 Firmware
Versions before (<) 2.50\(aahl.0\)c0
cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24 » Version: N/A
Zyxel » Gs1900-8hp Firmware
Versions before (<) 2.50\(aahi.0\)c0
cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-8hp » Version: N/A
Zyxel » Gs1900-10hp Firmware
Versions before (<) 2.50\(aazi.0\)c0
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-10hp » Version: N/A
Zyxel » Gs1900-16 Firmware
Versions before (<) 2.50\(aahj.0\)c0
cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-16 » Version: N/A
Zyxel » Gs1900-24e Firmware
Versions before (<) 2.50\(aahk.0\)c0
cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24e » Version: N/A
Zyxel » Gs1900-24hp Firmware
Versions before (<) 2.50\(aahm.0\)c0
cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-24hp » Version: N/A
Zyxel » Gs1900-48 Firmware
Versions before (<) 2.50\(aahn.0\)c0
cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-48 » Version: N/A
Zyxel » Gs1900-48hp Firmware
Versions before (<) 2.50\(aaho.0\)c0
cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Gs1900-48hp » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-15802

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-15802

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-15802

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-15802

https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml

Zyxel security advisory for GS1900 switch vulnerabilities | Zyxel
Vendor Advisory

CVEs referencing this url
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html

Exploring Zyxel GS1900 firmware with Ghidra - [ jasper.la ]
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-15802

Products affected by CVE-2019-15802

Exploit prediction scoring system (EPSS) score for CVE-2019-15802

CVSS scores for CVE-2019-15802

CWE ids for CVE-2019-15802

References for CVE-2019-15802