CVE-2019-15800: OS Command Injection
First published: Thu Nov 14 2019(Updated: )
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel GS1900-8 firmware | <2.50\(aahh.0\)c0 | |
| Zyxel GS1900-8 | ||
| Zyxel Gs1900-8hp Firmware | <2.50\(aahi.0\)c0 | |
| Zyxel Gs1900-8hp | ||
| Zyxel Gs1900-10hp Firmware | <2.50\(aazi.0\)c0 | |
| Zyxel Gs1900-10hp | ||
| Zyxel Gs1900-16 Firmware | <2.50\(aahj.0\)c0 | |
| Zyxel Gs1900-16 | ||
| Zyxel Gs1900-24e Firmware | <2.50\(aahk.0\)c0 | |
| Zyxel GS1900-24E | ||
| Zyxel Gs1900-24 Firmware | <2.50\(aahl.0\)c0 | |
| Zyxel GS1900-24 | ||
| Zyxel Gs1900-24hp Firmware | <2.50\(aahm.0\)c0 | |
| Zyxel Gs1900-24hp | ||
| Zyxel Gs1900-48 Firmware | <2.50\(aahn.0\)c0 | |
| Zyxel Gs1900-48 | ||
| Zyxel Gs1900-48hp Firmware | <2.50\(aaho.0\)c0 | |
| Zyxel Gs1900-48hp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15800?
CVE-2019-15800 is a critical vulnerability found in Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
What is the severity of CVE-2019-15800?
CVE-2019-15800 has a severity rating of 9.8 (critical).
Which Zyxel GS1900 devices are affected by CVE-2019-15800?
Zyxel GS1900-8, Zyxel GS19800-8hp, Zyxel GS1900-10hp, Zyxel GS1900-16, Zyxel GS1900-24e, Zyxel GS1900-24, Zyxel GS1900-24hp, Zyxel GS1900-48, and Zyxel GS1900-48hp are affected by CVE-2019-15800.
How can an attacker exploit CVE-2019-15800?
An attacker can exploit CVE-2019-15800 by leveraging input validation vulnerabilities in the libclicmd.so library contained in the firmware, specifically in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions.
Where can I find more information about CVE-2019-15800?
You can find more information about CVE-2019-15800 in the following references: [https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html](https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html) and [https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml](https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/zyxel
- canonical/zyxel gs1900-8 firmware
- canonical/zyxel gs1900-8
- canonical/zyxel gs1900-8hp firmware
- canonical/zyxel gs1900-8hp
- canonical/zyxel gs1900-10hp firmware
- canonical/zyxel gs1900-10hp
- canonical/zyxel gs1900-16 firmware
- canonical/zyxel gs1900-16
- canonical/zyxel gs1900-24e firmware
- canonical/zyxel gs1900-24e
- canonical/zyxel gs1900-24 firmware
- canonical/zyxel gs1900-24
- canonical/zyxel gs1900-24hp firmware
- canonical/zyxel gs1900-24hp
- canonical/zyxel gs1900-48 firmware
- canonical/zyxel gs1900-48
- canonical/zyxel gs1900-48hp firmware
- canonical/zyxel gs1900-48hp