Privilege Escalation in Zyxel GS1900 Switches
CVE-2019-15799

8.8HIGH

Key Information:

Vendor
Zyxel
Status
Gs1900-8 Firmware
Vendor
CVE Published:
14 November 2019

Summary

A vulnerability exists in Zyxel GS1900 devices where non-admin user accounts, though limited in the web interface, gain administrative access through SSH. This flaw allows users to execute the tech-support command, revealing encrypted passwords for all users, including the administrator's password. The use of well-known static parameters for encryption makes it feasible for attackers to decrypt these passwords, leading to unauthorized system access.

References

https://jasper.la/exploring-zyxel-gs1900-firmware-with-gh...
x_refsource_MISC
https://vimeo.com/354726424
x_refsource_MISC
https://www.zyxel.com/support/gs1900-switch-vulnerabiliti...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.