Your browser either does not support JavaScript or you have turned JavaScript off.

Zyxel security advisory for GS1900 switch vulnerabilities

CVE: CVE-2019-15799; CVE-2019-15800; CVE-2019-15801; CVE-2019-15802; CVE-2019-15803; CVE-2019-15804


Summary

Zyxel has released firmware updates for recently discovered vulnerabilities of the GS1900 switches and urges users to install them immediately for optimal protection.


What is the vulnerability?

Zyxel GS1900 series switches running firmware version 2.40 and earlier have the following vulnerabilities:

  • CVE-2019-15799: Incorrect access control for the full administrative level access via SSH for unprivileged users.
  • CVE-2019-15800: Improper input validation related to the functions of libclicmd.so library.
  • CVE-2019-15801: Contains fixed encrypted passwords for accessing debug and diagnostic functions.
  • CVE-2019-15802: Use of hard-coded Cryptographic Key for password encryption.
  • CVE-2019-15803: Hidden Functionality for the diagnostics shell via CTRL-ALT-t.
  • CVE-2019-15804: Hidden Functionality for the password recovery menu via SIGQUIT.
  • Allows an SSH session to be established without authentication, which by extension allows tunnelling and use of the affected device as a proxy.

However, an attacker cannot exploit CVE-2019-15799 to CVE-2019-15804 vulnerabilities unless he/she possesses a user’s privileged account and access via SSH.


What should you do?

A thorough investigation has confirmed that GS1900 series switches are Zyxel’s only affected models. The latest firmware addressing the vulnerabilities are listed in the table below, and we urge users to install them immediately.

Device Latest firmware version
GS1900-8 2.50(AAHH.0)C0
GS1900-8HP 2.50(AAHI.0)C0
GS1900-10HP 2.50(AAZI.0)C0
GS1900-16 2.50(AAHJ.0)C0
GS1900-24E 2.50(AAHK.0)C0
GS1900-24 2.50(AAHL.0)C0
GS1900-24HP 2.50(AAHM.0)C0
GS1900-48 2.50(AAHN.0)C0
GS1900-48HP 2.50(AAHO.0)C0

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.


Acknowledgment

Thanks to the following researchers for reporting the issues to us:


Revision history

Initial release 2019-11-14