An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
18 Sep 2024, 18:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zyxel gs1900-48
Zyxel gs1900-48hpv2 Firmware Zyxel gs1900-24ep Zyxel gs1900-8 Firmware Zyxel gs1900-24ep Firmware Zyxel gs1900-48 Firmware Zyxel Zyxel gs1900-24e Firmware Zyxel gs1900-16 Firmware Zyxel gs1900-10hp Firmware Zyxel gs1900-24e Zyxel gs1900-8hp Zyxel gs1900-24 Firmware Zyxel gs1900-48hpv2 Zyxel gs1900-8hp Firmware Zyxel gs1900-24 Zyxel gs1900-24hpv2 Firmware Zyxel gs1900-10hp Zyxel gs1900-8 Zyxel gs1900-24hpv2 Zyxel gs1900-16 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-for-web-authentication-tokens-generation-in-gs1900-series-switches-09-10-2024 - Vendor Advisory | |
CPE | cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:* |
10 Sep 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Sep 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 02:15
Updated : 2024-09-18 18:23
NVD link : CVE-2024-38270
Mitre link : CVE-2024-38270
CVE.ORG link : CVE-2024-38270
JSON object : View
Products Affected
zyxel
- gs1900-16
- gs1900-16_firmware
- gs1900-24
- gs1900-48_firmware
- gs1900-48
- gs1900-24hpv2_firmware
- gs1900-8_firmware
- gs1900-24e_firmware
- gs1900-48hpv2_firmware
- gs1900-24_firmware
- gs1900-8
- gs1900-8hp
- gs1900-10hp
- gs1900-8hp_firmware
- gs1900-24e
- gs1900-48hpv2
- gs1900-24ep_firmware
- gs1900-24hpv2
- gs1900-24ep
- gs1900-10hp_firmware
CWE
CWE-331
Insufficient Entropy