{"id": "CVE-2015-7256", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-09-28T01:29:00.670", "references": [{"url": "http://www.kb.cert.org/vuls/id/566724", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/566724", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys."}, {"lang": "es", "value": "Los puntos de acceso ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, NWA1123-NI; los CPE DSL P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, VSG1435-B101; las puertas de enlace para peque\u00f1as empresas PMG5318-B20A GPON, SBG3300-N000, SBG3300-NB00, SBG3500-N000; los switches GS1900-8 y GS1900-24 y los modelos de m\u00f3dem C1000Z, Q1000, FR1000Z, P8702N emplean certificados X.509 y claves host de SSH que no son \u00fanicos."}], "lastModified": "2024-11-21T02:36:26.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1100-n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D2E585A-9A92-4A4A-9496-61C3F9AD74C0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1100-n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6904F1E3-5032-4FC8-95C9-1E2267A19382"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDF4B052-913F-477D-BCCC-2CE965F6FE13"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1100-nh:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F73B7235-D7A0-4931-A92E-4B1BEE2102F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CCCE350-59AB-42A1-AA17-F82289D5BCF4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1121-ni:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5156EAF7-E47F-4A8A-BB6C-047969276060"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A700E3-2BC9-4BCF-A0FC-F7EFB1DF7392"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123-ac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4261C53-83AC-4440-8408-7A8DFFE10F04"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "258C8E28-0C36-4B59-A047-938779FECD9A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123-ni:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98A7D843-1F0F-4173-A581-73B60130C7EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C16165B-FD30-43B0-965E-CBC8C46B1DB7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:p-660hn-51:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0138796-FFDC-4976-83AB-018DD7CD7D5F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:p-663hn-51_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04DAE774-A4DE-4F56-A22B-0C2AE261BEDC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:p-663hn-51:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F2A8EAA-E91F-48D8-82F9-0719C6F6BB2F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8CC0C61-EB6A-4736-80E3-B69693D4A2B1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7B6C4A31-3B83-444F-B5F8-1397B43B2211"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg1312-b30a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B0F62E6-04C9-4611-8C82-80DD8D58757F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg1312-b30a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD5CB070-4FD9-4393-94BF-40E3FD0C596F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg1312-b30b_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C4A52F8-F5FD-4E53-BBE6-69F673A7904B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg1312-b30b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5CF7CD5-ADE5-4F77-9F81-C0FF32A5E267"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4808FDF8-4815-4C4F-AFE7-31EADE517B31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "88BA2BDF-9ACA-4F89-B7B7-FD232A6399CD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF0AFA0F-D126-4D1C-89EC-878AB0F5E74C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53C32749-82A6-42AA-9EBE-11014F161D2F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BEC42C-7815-4EA3-B1E5-66E2443B5032"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96DC6BBF-15B8-496F-85FE-5373B6CEDC3C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg8924-b30a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB88CC1-9F13-4EB1-AF6D-5ED44EFB9868"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg8924-b30a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "89D58204-B0DB-4C36-A619-FA5969797CF2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vsg1435-b101_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5047833-C798-4111-8C97-CE9B70F7834D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vsg1435-b101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C31517DD-3D1B-4F9D-8673-145927CADFBB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pmg5318-b20a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41AF2B1B-A5BB-4F40-9C30-6AD665AE5596"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pmg5318-b20a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2EF6C90D-9BF3-4302-B834-BC897473E502"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "852E8F04-4C28-4904-AA4A-ACE4EAD6DC31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "902A735D-2D84-4183-B4B3-FA36AD9F13A5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B338AE18-ECE4-4B90-A1D5-16F2983464E7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4658399-1699-4426-ACFF-BDEE20BF1A54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BC4B86C-ED2F-406D-BCAA-B970BAD248D8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:sbg3500-n000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1E3BCE8-F36A-4FFE-933B-6BADF24506AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "316DC84A-7B3C-4396-A0BD-EAA3B5DA0476"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91426AF7-9D95-486F-9155-B4F9636F3CEB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:c1000z_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9FB893-7F6A-48AD-B3C8-FC85A6A80CEB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:c1000z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "812C4AFE-364D-4D18-A79F-6CD98EDDC3B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:q1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8090C667-2E54-462F-BD5A-DF7854252A0B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:q1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F2A44DC-DFB9-46A8-BD9B-B207BBFFD764"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:fr1000z_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23ADD49B-C666-4E28-813A-55DB6BEF4EB4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:fr1000z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA597CC9-92FE-47AC-86F9-FA5B2E032961"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:p8702n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D9B829-FD92-46D2-840F-A99E5FF0DC4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:p8702n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4C906711-7699-4A0A-BA3C-7A007EDF301E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}