CVE-2022-34746 — MEDIUM (5.9)

Q: How severe is CVE-2022-34746?

CVE-2022-34746 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-34746?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.

Vulnerability Description

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zyxel	Gs1900-8 Firmware	< 2.70\(aahh.3\)c0
Zyxel	Gs1900-8	-
Zyxel	Gs1900-8Hp Firmware	< 2.70\(aahi.3\)c0
Zyxel	Gs1900-8Hp	-
Zyxel	Gs1900-10Hp Firmware	< 2.70\(aazi.3\)c0
Zyxel	Gs1900-10Hp	-
Zyxel	Gs1900-16 Firmware	< 2.70\(aahj.3\)c0
Zyxel	Gs1900-16	-
Zyxel	Gs1900-24 Firmware	< 2.70\(aahl.3\)c0
Zyxel	Gs1900-24	-
Zyxel	Gs1900-24E Firmware	< 2.70\(aahk.3\)c0
Zyxel	Gs1900-24E	-
Zyxel	Gs1900-24Ep Firmware	< 2.70\(abto.3\)c0
Zyxel	Gs1900-24Ep	-
Zyxel	Gs1900-24Hpv2 Firmware	< 2.70\(abtp.3\)c0
Zyxel	Gs1900-24Hpv2	-
Zyxel	Gs1900-48 Firmware	< 2.70\(aahn.3\)c0
Zyxel	Gs1900-48	-
Zyxel	Gs1900-48Hpv2 Firmware	< 2.70\(abtq.3\)c0
Zyxel	Gs1900-48Hpv2	-

Related Weaknesses (CWE)

CWE-331

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisPatchVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisPatchVendor Advisory

FAQ

What is CVE-2022-34746?

CVE-2022-34746 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. T...

How severe is CVE-2022-34746?

CVE-2022-34746 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34746?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.