Description

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

Related CPE's

o

zyxel

gs1900-8_firmware

Vulnerable

h

zyxel

gs1900-8

-

o

zyxel

gs1900-8hp_firmware

Vulnerable

h

zyxel

gs1900-8hp

-

o

zyxel

gs1900-10hp_firmware

Vulnerable

h

zyxel

gs1900-10hp

-

o

zyxel

gs1900-16_firmware

Vulnerable

h

zyxel

gs1900-16

-

o

zyxel

gs1900-24_firmware

Vulnerable

h

zyxel

gs1900-24

-

o

zyxel

gs1900-24e_firmware

Vulnerable

h

zyxel

gs1900-24e

-

o

zyxel

gs1900-24ep_firmware

Vulnerable

h

zyxel

gs1900-24ep

-

o

zyxel

gs1900-24hpv2_firmware

Vulnerable

h

zyxel

gs1900-24hpv2

-

o

zyxel

gs1900-48_firmware

Vulnerable

h

zyxel

gs1900-48

-

o

zyxel

gs1900-48hpv2_firmware

Vulnerable

h

zyxel

gs1900-48hpv2

-

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-331

[email protected]

Secondary
CWE-331

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-09-20T02:15:08.640

2 years ago

Last modified

2022-09-22T12:56:18.887

2 years ago