Vulnerability CVE-2015-7256


Published: 2017-09-27   Modified: 2017-09-28

Description:
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Zyxel -> Nwa1100-nh firmware 
Zyxel -> Vmg4380-b10a firmware 
Zyxel -> Vsg1435-b101 firmware 
Zyxel -> Nwa1123-ni firmware 
Zyxel -> Vmg1312-b10a firmware 
Zyxel -> P-663hn-51 firmware 
Zyxel -> Sbg3300-nb00 firmware 
Zyxel -> Sbg3500-n000 firmware 
Zyxel -> Sbg3300-n000 firmware 
Zyxel -> Fr1000z firmware 
Zyxel -> Nwa1123-ac firmware 
Zyxel -> Gs1900-24 firmware 
Zyxel -> Vmg8324-b10a firmware 
Zyxel -> Vmg8924-b30a firmware 
Zyxel -> Vmg1312-b30b firmware 
Zyxel -> Vmg1312-b30a firmware 
Zyxel -> Vmg8924-b10a firmware 
Zyxel -> Nwa1121-ni firmware 
Zyxel -> Q1000 firmware 
Zyxel -> C1000z firmware 
Zyxel -> Pmg5318-b20a firmware 
Zyxel -> Gs1900-8 firmware 
Zyxel -> P-660hn-51 firmware 
Zyxel -> P8702n firmware 
Zyxel -> Nwa1100-n firmware 

 References:
http://www.kb.cert.org/vuls/id/566724
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml

Copyright 2021, cxsecurity.com

 

Back to Top