CVE-2019-15803

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:29

Type Values Removed Values Added
References () https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html - Exploit, Third Party Advisory () https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html - Exploit, Third Party Advisory
References () https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml - Vendor Advisory () https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml - Vendor Advisory

Information

Published : 2019-11-14 21:15

Updated : 2024-11-21 04:29


NVD link : CVE-2019-15803

Mitre link : CVE-2019-15803

CVE.ORG link : CVE-2019-15803


JSON object : View

Products Affected

zyxel

  • gs1900-10hp_firmware
  • gs1900-16
  • gs1900-48_firmware
  • gs1900-10hp
  • gs1900-16_firmware
  • gs1900-48hp
  • gs1900-24hp_firmware
  • gs1900-24e
  • gs1900-8hp_firmware
  • gs1900-24
  • gs1900-8
  • gs1900-24hp
  • gs1900-24e_firmware
  • gs1900-48
  • gs1900-8hp
  • gs1900-24_firmware
  • gs1900-8_firmware
  • gs1900-48hp_firmware
CWE
CWE-287

Improper Authentication