Description
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/566724
Vendor Advisory x_refsource_confirm
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml
Scores
CVSS v3
5.9
EPSS
0.0013
EPSS Percentile
31.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-310
Status
published
Products (25)
zyxel/c1000z_firmware
zyxel/fr1000z_firmware
zyxel/gs1900-24_firmware
zyxel/gs1900-8_firmware
zyxel/nwa1100-n_firmware
zyxel/nwa1100-nh_firmware
zyxel/nwa1121-ni_firmware
zyxel/nwa1123-ac_firmware
zyxel/nwa1123-ni_firmware
zyxel/p-660hn-51_firmware
... and 15 more
Published
Sep 28, 2017
Tracked Since
Feb 18, 2026