Vulnerability Description
An insufficient entropy vulnerability exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0, caused by the improper use of a low-entropy randomness function to generate web authentication tokens. This vulnerability could give a LAN-based attacker a slight chance of obtaining a valid session token if multiple authenticated sessions are alive.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Gs1900-48Hpv2 Firmware | < 2.80\(abtq.1\)c0 |
| Zyxel | Gs1900-48Hpv2 | - |
| Zyxel | Gs1900-48 Firmware | < 2.80\(aahn.1\)c0 |
| Zyxel | Gs1900-48 | - |
| Zyxel | Gs1900-24Hpv2 Firmware | < 2.80\(abtp.1\)c0 |
| Zyxel | Gs1900-24Hpv2 | - |
| Zyxel | Gs1900-24Ep Firmware | < 2.80\(abto.1\)c0 |
| Zyxel | Gs1900-24Ep | - |
| Zyxel | Gs1900-24E Firmware | <= 2.80\(aahk.1\)c0 |
| Zyxel | Gs1900-24E | - |
| Zyxel | Gs1900-24 Firmware | <= 2.80\(aahl.1\)c0 |
| Zyxel | Gs1900-24 | - |
| Zyxel | Gs1900-16 Firmware | < 2.80\(aahj.1\)c0 |
| Zyxel | Gs1900-16 | - |
| Zyxel | Gs1900-10Hp Firmware | < 2.80\(aazi.1\)c0 |
| Zyxel | Gs1900-10Hp | - |
| Zyxel | Gs1900-8Hp Firmware | < 2.80\(aahi.1\)c0 |
| Zyxel | Gs1900-8Hp | - |
| Zyxel | Gs1900-8 Firmware | < 2.80\(aahh.1\)c0 |
| Zyxel | Gs1900-8 | - |
FAQ
What is CVE-2024-38270?
CVE-2024-38270 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2....
How severe is CVE-2024-38270?
CVE-2024-38270 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38270?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-48Hpv2 Firmware, Zyxel Gs1900-48Hpv2, Zyxel Gs1900-48 Firmware, Zyxel Gs1900-48, Zyxel Gs1900-24Hpv2 Firmware.