Insufficient Entropy Vulnerability in Zyxel GS1900 Series Switches
CVE-2022-34746

5.9MEDIUM

Key Information:

Vendor: Zyxel
Status: Zyxel Gs1900 Series Firmware
Vendor: CVE Published:; 20 September 2022

Summary

An insufficient entropy vulnerability has been identified in the firmware of Zyxel GS1900 series switches, where the improper use of randomness sources for RSA key pair generation can lead to security risks. An unauthenticated attacker could exploit this weakness to retrieve private keys by factoring the RSA modulus found in the certificates of the web administration interface, posing significant risks to network security. Users are advised to update to firmware version V2.70 or later to mitigate this issue.

Affected Version(s)

Zyxel GS1900 series firmware < V2.70

References

https://www.zyxel.com/global/en/support/security-advisori...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2022
Vulnerability Reserved
Jun 28, 2022