What is the severity of CVE-2019-15804?

The severity of CVE-2019-15804 is high with a severity value of 7.5.

How can I exploit CVE-2019-15804?

To exploit CVE-2019-15804, you can send a SIGQUIT signal to the CLI application on Zyxel GS1900 devices.

Which Zyxel GS1900 devices are affected by CVE-2019-15804?

Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0 are affected by CVE-2019-15804.

Is Zyxel GS1900-8 vulnerable to CVE-2019-15804?

No, Zyxel GS1900-8 is not vulnerable to CVE-2019-15804.

How do I fix CVE-2019-15804?

To fix CVE-2019-15804, upgrade the firmware of Zyxel GS1900 devices to version 2.50(AAHH.0)C0 or later.

Vulnerability/
CVE-2019-15804

high

7.5

14/11/2019

24/8/2020

CVE-2019-15804

First published: Thu Nov 14 2019(Updated: )

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zyxel GS1900-8 firmware	<2.50\(aahh.0\)c0
Zyxel GS1900-8
Zyxel Gs1900-8hp Firmware	<2.50\(aahi.0\)c0
Zyxel Gs1900-8hp
Zyxel Gs1900-10hp Firmware	<2.50\(aazi.0\)c0
Zyxel Gs1900-10hp
Zyxel Gs1900-16 Firmware	<2.50\(aahj.0\)c0
Zyxel Gs1900-16
Zyxel Gs1900-24e Firmware	<2.50\(aahk.0\)c0
Zyxel GS1900-24E
Zyxel Gs1900-24 Firmware	<2.50\(aahl.0\)c0
Zyxel GS1900-24
Zyxel Gs1900-24hp Firmware	<2.50\(aahm.0\)c0
Zyxel Gs1900-24hp
Zyxel Gs1900-48 Firmware	<2.50\(aahn.0\)c0
Zyxel Gs1900-48
Zyxel Gs1900-48hp Firmware	<2.50\(aaho.0\)c0
Zyxel Gs1900-48hp

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-15804?
The severity of CVE-2019-15804 is high with a severity value of 7.5.
How can I exploit CVE-2019-15804?
To exploit CVE-2019-15804, you can send a SIGQUIT signal to the CLI application on Zyxel GS1900 devices.
Which Zyxel GS1900 devices are affected by CVE-2019-15804?
Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0 are affected by CVE-2019-15804.
Is Zyxel GS1900-8 vulnerable to CVE-2019-15804?
No, Zyxel GS1900-8 is not vulnerable to CVE-2019-15804.
How do I fix CVE-2019-15804?
To fix CVE-2019-15804, upgrade the firmware of Zyxel GS1900 devices to version 2.50(AAHH.0)C0 or later.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.