CVE-2019-15804
First published: Thu Nov 14 2019(Updated: )
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel GS1900-8 firmware | <2.50\(aahh.0\)c0 | |
| Zyxel GS1900-8 | ||
| Zyxel Gs1900-8hp Firmware | <2.50\(aahi.0\)c0 | |
| Zyxel Gs1900-8hp | ||
| Zyxel GS1900-10HP firmware | <2.50\(aazi.0\)c0 | |
| Zyxel GS1900-10HP | ||
| Zyxel Gs1900-16 Firmware | <2.50\(aahj.0\)c0 | |
| Zyxel Gs1900-16 | ||
| Zyxel Gs1900-24e Firmware | <2.50\(aahk.0\)c0 | |
| Zyxel GS1900-24E | ||
| Zyxel Gs1900-24 Firmware | <2.50\(aahl.0\)c0 | |
| Zyxel GS1900-24 | ||
| Zyxel Gs1900-24hp Firmware | <2.50\(aahm.0\)c0 | |
| Zyxel Gs1900-24hp | ||
| Zyxel Gs1900-48 Firmware | <2.50\(aahn.0\)c0 | |
| Zyxel GS1900-48 | ||
| Zyxel Gs1900-48hp Firmware | <2.50\(aaho.0\)c0 | |
| Zyxel Gs1900-48hp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15804?
The severity of CVE-2019-15804 is high with a severity value of 7.5.
How can I exploit CVE-2019-15804?
To exploit CVE-2019-15804, you can send a SIGQUIT signal to the CLI application on Zyxel GS1900 devices.
Which Zyxel GS1900 devices are affected by CVE-2019-15804?
Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0 are affected by CVE-2019-15804.
Is Zyxel GS1900-8 vulnerable to CVE-2019-15804?
No, Zyxel GS1900-8 is not vulnerable to CVE-2019-15804.
How do I fix CVE-2019-15804?
To fix CVE-2019-15804, upgrade the firmware of Zyxel GS1900 devices to version 2.50(AAHH.0)C0 or later.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zyxel
- canonical/zyxel gs1900-8 firmware
- canonical/zyxel gs1900-8
- canonical/zyxel gs1900-8hp firmware
- canonical/zyxel gs1900-8hp
- canonical/zyxel gs1900-10hp firmware
- canonical/zyxel gs1900-10hp
- canonical/zyxel gs1900-16 firmware
- canonical/zyxel gs1900-16
- canonical/zyxel gs1900-24e firmware
- canonical/zyxel gs1900-24e
- canonical/zyxel gs1900-24 firmware
- canonical/zyxel gs1900-24
- canonical/zyxel gs1900-24hp firmware
- canonical/zyxel gs1900-24hp
- canonical/zyxel gs1900-48 firmware
- canonical/zyxel gs1900-48
- canonical/zyxel gs1900-48hp firmware
- canonical/zyxel gs1900-48hp