Non-Unique X.509 Certificates and SSH Host Keys in ZyXEL Products
CVE-2015-7256

5.9 MEDIUM

Key Information:

Vendor: Zyxel
CVE Published: 28 September 2017

What is CVE-2015-7256?

Certain ZyXEL networking devices, including various models of access points, DSL CPEs, GPONs, business gateways, and switches, exhibit a security misconfiguration involving non-unique X.509 certificates and SSH host keys. This misconfiguration may lead to exposure of sensitive information and unauthorized access to network services. Organizations using these devices should prioritize the implementation of unique keys and certificates to mitigate risks associated with potential unauthorized access and data breaches.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
