Input Validation Flaw in Zyxel GS1900 Devices
CVE-2019-15800

9.8CRITICAL

Key Information:

Vendor: Zyxel
Status: Gs1900-8 Firmware
Vendor: CVE Published:; 14 November 2019

Summary

A vulnerability exists in Zyxel GS1900 switches due to insufficient input validation in certain library functions. This flaw can potentially allow an attacker to exploit other vulnerabilities to execute arbitrary commands on the devices. Although the affected functions are not currently utilized, their existence in prior firmware versions poses a risk for exploitation. This emphasizes the importance of keeping firmware updated to mitigate potential security threats.

References

https://jasper.la/exploring-zyxel-gs1900-firmware-with-gh...

x_refsource_MISC

https://www.zyxel.com/support/gs1900-switch-vulnerabiliti...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Aug 29, 2019