CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
84.8%
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
Vendor | Product | Version | CPE |
---|---|---|---|
zyxel | gs1900-8_firmware | * | cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:* |
zyxel | gs1900-8 | - | cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:* |
zyxel | gs1900-8hp_firmware | * | cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:* |
zyxel | gs1900-8hp | - | cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:* |
zyxel | gs1900-10hp_firmware | * | cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* |
zyxel | gs1900-10hp | - | cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:* |
zyxel | gs1900-16_firmware | * | cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:* |
zyxel | gs1900-16 | - | cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:* |
zyxel | gs1900-24e_firmware | * | cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:* |
zyxel | gs1900-24e | - | cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
84.8%