First published: Tue Sep 20 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
Credit: security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel GS1900-8 firmware | <2.70(aahh.3)c0 | |
Zyxel GS1900-8 | | |
Zyxel GS1900-8HP firmware | <2.70(aahi.3)c0 | |
Zyxel GS1900-8HP | | |
Zyxel GS1900-10HP firmware | <2.70(aazi.3)c0 | |
Zyxel GS1900-10HP | | |
Zyxel GS1900-16 firmware | <2.70(aahj.3)c0 | |
Zyxel GS1900-16 | | |
Zyxel GS1900-24 firmware | <2.70(aahl.3)c0 | |
Zyxel GS1900-24 | | |
Zyxel GS1900-24E firmware | <2.70(aahk.3)c0 | |
Zyxel GS1900-24E | | |
Zyxel GS1900-24EP firmware | <2.70(abto.3)c0 | |
Zyxel GS1900-24EP | | |
Zyxel GS1900-24HPv2 firmware | <2.70(abtp.3)c0 | |
Zyxel GS1900-24HPv2 | | |
Zyxel GS1900-48 firmware | <2.70(aahn.3)c0 | |
Zyxel GS1900-48 | | |
Zyxel GS1900-48HPv2 firmware | <2.70(abtq.3)c0 | |
Zyxel GS1900-48HPv2 | | |
The vulnerability ID for this security issue is CVE-2022-34746.
The severity level of the CVE-2022-34746 vulnerability is medium (5.9).
Zyxel GS1900 series firmware versions prior to V2.70 are affected by this vulnerability.
An unauthenticated attacker can exploit this vulnerability to retrieve a private key by factoring the modulus of the RSA key pair, which was generated with insufficient entropy.
Yes, a fix is available for the CVE-2022-34746 vulnerability. It is recommended to update to firmware version V2.70 or higher.