CVE-2015-7256

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

CVSS v3.0 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml	Vendor Advisory
http://www.kb.cert.org/vuls/id/566724	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:nwa1100-n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1100-n:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1100-nh:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1121-ni:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123-ac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123-ni:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:p-660hn-51:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:p-663hn-51_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:p-663hn-51:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:vmg1312-b30a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg1312-b30a:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:vmg1312-b30b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg1312-b30b:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:vmg8924-b30a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8924-b30a:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:vsg1435-b101_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vsg1435-b101:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:zyxel:pmg5318-b20a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5318-b20a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:sbg3500-n000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:zyxel:gs1900-8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:zyxel:gs1900-24_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:zyxel:c1000z_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:c1000z:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:zyxel:q1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:q1000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:zyxel:fr1000z_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:fr1000z:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:zyxel:p8702n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:p8702n:-:*:*:*:*:*:*:*

Information

Published : 2017-09-27 18:29

Updated : 2017-10-11 10:59

NVD link : CVE-2015-7256

Mitre link : CVE-2015-7256

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

zyxel

c1000z
p8702n
sbg3300-nb00_firmware
nwa1100-n
pmg5318-b20a_firmware
vmg8924-b30a_firmware
p-660hn-51
vmg8924-b30a
nwa1100-nh
nwa1123-ni
sbg3300-n000
vmg1312-b10a
p-663hn-51_firmware
gs1900-24
vmg1312-b30a
vmg1312-b30a_firmware
vmg8324-b10a_firmware
vmg4380-b10a_firmware
pmg5318-b20a
nwa1123-ni_firmware
nwa1121-ni_firmware
vmg8924-b10a_firmware
q1000_firmware
p8702n_firmware
nwa1121-ni
vmg8324-b10a
nwa1123-ac_firmware
vsg1435-b101_firmware
vmg4380-b10a
gs1900-24_firmware
p-663hn-51
vmg1312-b30b
vsg1435-b101
sbg3500-n000
fr1000z
vmg1312-b10a_firmware
gs1900-8_firmware
vmg8924-b10a
nwa1100-nh_firmware
sbg3500-n000_firmware
q1000
fr1000z_firmware
nwa1100-n_firmware
sbg3300-n000_firmware
p-660hn-51_firmware
gs1900-8
nwa1123-ac
vmg1312-b30b_firmware
sbg3300-nb00
c1000z_firmware

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2015-7256

5.9^/10

4.3^/10

Attach tags to `CVE-2015-7256`