CVE: CVE-2019-15799; CVE-2019-15800; CVE-2019-15801; CVE-2019-15802; CVE-2019-15803; CVE-2019-15804
Summary
Zyxel has released firmware updates for recently discovered vulnerabilities in the GS1900 switches and urges users to install them immediately for optimal protection.
What is the vulnerability?
Zyxel GS1900 series switches running firmware version 2.40 and earlier have the following vulnerabilities:
However, an attacker cannot exploit the vulnerabilities CVE-2019-15799 to CVE-2019-15804 unless they possess a user’s privileged account and have access via SSH.
What should you do?
A thorough investigation has confirmed that GS1900 series switches are Zyxel’s only affected models. The latest firmware versions addressing the vulnerabilities are listed in the table below, and we urge users to install them immediately.
Device | Latest firmware version |
---|---|
GS1900-8 | 2.50(AAHH.0)C0 |
GS1900-8HP | 2.50(AAHI.0)C0 |
GS1900-10HP | 2.50(AAZI.0)C0 |
GS1900-16 | 2.50(AAHJ.0)C0 |
GS1900-24E | 2.50(AAHK.0)C0 |
GS1900-24 | 2.50(AAHL.0)C0 |
GS1900-24HP | 2.50(AAHM.0)C0 |
GS1900-48 | 2.50(AAHN.0)C0 |
GS1900-48HP | 2.50(AAHO.0)C0 |
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.
Acknowledgment
Thanks to the following researchers for reporting the issues to us:
Revision history
Initial release 2019-11-14