CVE-2019-15801
HIGHZyxel GS1900 Series Firmware < 2.50 - Use of Hard-coded Credentials in libfds.so
Title source: llmDescription
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html
Vendor Advisory x_refsource_confirm
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-798
Status
published
Products (9)
zyxel/gs1900-10hp_firmware
< 2.50\(aazi.0\)c0
zyxel/gs1900-16_firmware
< 2.50\(aahj.0\)c0
zyxel/gs1900-24_firmware
< 2.50\(aahl.0\)c0
zyxel/gs1900-24e_firmware
< 2.50\(aahk.0\)c0
zyxel/gs1900-24hp_firmware
< 2.50\(aahm.0\)c0
zyxel/gs1900-48_firmware
< 2.50\(aahn.0\)c0
zyxel/gs1900-48hp_firmware
< 2.50\(aaho.0\)c0
zyxel/gs1900-8_firmware
< 2.50\(aahh.0\)c0
zyxel/gs1900-8hp_firmware
< 2.50\(aahi.0\)c0
Published
Nov 14, 2019
Tracked Since
Feb 18, 2026