CVE-2019-15803
First published: Thu Nov 14 2019(Updated: )
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel GS1900-8 firmware | <2.50\(aahh.0\)c0 | |
| Zyxel GS1900-8 | ||
| Zyxel Gs1900-8hp Firmware | <2.50\(aahi.0\)c0 | |
| Zyxel Gs1900-8hp | ||
| Zyxel GS1900-10HP firmware | <2.50\(aazi.0\)c0 | |
| Zyxel GS1900-10HP | ||
| Zyxel Gs1900-16 Firmware | <2.50\(aahj.0\)c0 | |
| Zyxel Gs1900-16 | ||
| Zyxel Gs1900-24e Firmware | <2.50\(aahk.0\)c0 | |
| Zyxel GS1900-24E | ||
| Zyxel Gs1900-24 Firmware | <2.50\(aahl.0\)c0 | |
| Zyxel GS1900-24 | ||
| Zyxel Gs1900-24hp Firmware | <2.50\(aahm.0\)c0 | |
| Zyxel Gs1900-24hp | ||
| Zyxel Gs1900-48 Firmware | <2.50\(aahn.0\)c0 | |
| Zyxel GS1900-48 | ||
| Zyxel Gs1900-48hp Firmware | <2.50\(aaho.0\)c0 | |
| Zyxel Gs1900-48hp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-15803.
What is the severity level of CVE-2019-15803?
CVE-2019-15803 has a severity level of critical.
Which Zyxel GS1900 devices are affected by this vulnerability?
This vulnerability affects Zyxel GS1900 devices with firmware versions before 2.50(AAHH.0)C0.
How can this vulnerability be triggered on Zyxel GS1900 devices?
This vulnerability can be triggered on Zyxel GS1900 devices by using an undocumented sequence of keypresses.
Is there a fix available for CVE-2019-15803?
Yes, a fix is available for CVE-2019-15803. It is recommended to update the firmware of affected Zyxel GS1900 devices to version 2.50(AAHH.0)C0 or later.
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zyxel
- canonical/zyxel gs1900-8 firmware
- canonical/zyxel gs1900-8
- canonical/zyxel gs1900-8hp firmware
- canonical/zyxel gs1900-8hp
- canonical/zyxel gs1900-10hp firmware
- canonical/zyxel gs1900-10hp
- canonical/zyxel gs1900-16 firmware
- canonical/zyxel gs1900-16
- canonical/zyxel gs1900-24e firmware
- canonical/zyxel gs1900-24e
- canonical/zyxel gs1900-24 firmware
- canonical/zyxel gs1900-24
- canonical/zyxel gs1900-24hp firmware
- canonical/zyxel gs1900-24hp
- canonical/zyxel gs1900-48 firmware
- canonical/zyxel gs1900-48
- canonical/zyxel gs1900-48hp firmware
- canonical/zyxel gs1900-48hp