CVE-2019-15803 — CRITICAL (9.1)

Q: How severe is CVE-2019-15803?

CVE-2019-15803 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-15803?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.

Vulnerability Description

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zyxel	Gs1900-8 Firmware	< 2.50\(aahh.0\)c0
Zyxel	Gs1900-8	-
Zyxel	Gs1900-8Hp Firmware	< 2.50\(aahi.0\)c0
Zyxel	Gs1900-8Hp	-
Zyxel	Gs1900-10Hp Firmware	< 2.50\(aazi.0\)c0
Zyxel	Gs1900-10Hp	-
Zyxel	Gs1900-16 Firmware	< 2.50\(aahj.0\)c0
Zyxel	Gs1900-16	-
Zyxel	Gs1900-24E Firmware	< 2.50\(aahk.0\)c0
Zyxel	Gs1900-24E	-
Zyxel	Gs1900-24 Firmware	< 2.50\(aahl.0\)c0
Zyxel	Gs1900-24	-
Zyxel	Gs1900-24Hp Firmware	< 2.50\(aahm.0\)c0
Zyxel	Gs1900-24Hp	-
Zyxel	Gs1900-48 Firmware	< 2.50\(aahn.0\)c0
Zyxel	Gs1900-48	-
Zyxel	Gs1900-48Hp Firmware	< 2.50\(aaho.0\)c0
Zyxel	Gs1900-48Hp	-

Related Weaknesses (CWE)

CWE-287

References

https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.htmlExploitThird Party Advisory
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtmlVendor Advisory
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.htmlExploitThird Party Advisory
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtmlVendor Advisory

FAQ

What is CVE-2019-15803?

CVE-2019-15803 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is tri...

How severe is CVE-2019-15803?

CVE-2019-15803 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-15803?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.