Session Management Flaw in ZyXEL PMG5318-B20A Firmware
CVE-2015-6019

8.5 HIGH

Key Information:

Vendor
Zyxel
CVE Published:
31 December 2015

Summary

The management portal on ZyXEL PMG5318-B20A devices running firmware version 1.00AANC0b5 does not terminate user sessions after a logout action. Because the session remains valid after logout, remote attackers can take advantage of an unattended workstation to bypass the intended access controls and obtain sensitive information. Users should put additional security measures in place to protect affected devices against exploitation of this vulnerability.

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
