Remote Authentication Bypass in ZyXEL PMG5318-B20A Devices
CVE-2015-6020

8HIGH

Key Information:

Vendor

Zyxel
Status
Pmg5318-b20a Firmware
Vendor
CVE Published:
31 December 2015

What is CVE-2015-6020?

The ZyXEL PMG5318-B20A devices running firmware version 1.00AANC0b5 are susceptible to a vulnerability that allows remote authenticated users to elevate their privileges to that of an administrator. By exploiting this issue, an attacker can gain unauthorized access to critical administrative functions, potentially leading to further exploitation of the device and the network it is connected to. It is essential for users of these devices to apply security best practices and keep their firmware updated to mitigate this risk.

References

http://www.securitytracker.com/id/1034553
vdb-entryx_refsource_SECTRACK
https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R
x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/870744
third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.