Medium severity5.9NVD Advisory· Published Sep 28, 2017· Updated May 13, 2026

CVE-2015-7256

Description

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple ZyXEL devices use non-unique X.509 certificates and SSH host keys, enabling impersonation, man-in-the-middle, or passive decryption attacks.

Vulnerability

Multiple ZyXEL devices, including access points (NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, NWA1123-NI), DSL CPEs (P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, VSG1435-B101), GPONs (PMG5318-B20A), small business gateways (SBG3300-N000, SBG3300-NB00, SBG3500-N000), switches (GS1900-8, GS1900-24), and project models (C1000Z, Q1000, FR1000Z, P8702N), use non-unique X.509 certificates and SSH host keys. This is a case of CWE-321: Use of Hard-coded Cryptographic Key. Affected firmware images contain identical keys or certificates across instances, often across product lines or even vendors due to common SDKs or OEM firmware [1].

Exploitation

An attacker with network access can perform impersonation, man-in-the-middle, or passive decryption attacks without authentication. No special privileges or user interaction is required beyond being on the network path. The attacker can obtain the hard-coded keys from any device of the same model or from unpacked firmware, then use them to impersonate another device, intercept traffic, or decrypt captured communications [1].

Impact

Successful exploitation allows a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks. This can lead to exposure of sensitive information, including credentials and other data transmitted over supposedly secure channels. The compromise scope is network-level, affecting confidentiality and integrity of communications [1].

Mitigation

As of the available reference, the CERT/CC is unaware of a practical solution for most affected devices. Some vendors may provide updates or guidance, but no specific fixed version or release date is disclosed. Users are encouraged to check vendor information pages for individual products. If no fix exists, replacing the device or limiting network exposure may be considered [1].

References

CERT/CC Vulnerability Note VU#566724

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Zyxel/C1000z Firmware
cpe:2.3:o:zyxel:c1000z_firmware:-:*:*:*:*:*:*:*
Zyxel/Fr1000z Firmware
cpe:2.3:o:zyxel:fr1000z_firmware:-:*:*:*:*:*:*:*
Zyxel/Gs1900 24 Firmware
cpe:2.3:o:zyxel:gs1900-24_firmware:-:*:*:*:*:*:*:*
Zyxel/Gs1900 8 Firmware
cpe:2.3:o:zyxel:gs1900-8_firmware:-:*:*:*:*:*:*:*
Zyxel/Nwa1100 N Firmware
cpe:2.3:o:zyxel:nwa1100-n_firmware:-:*:*:*:*:*:*:*
Zyxel/Nwa1100 Nh Firmware
cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:*:*:*:*:*:*:*
Zyxel/Nwa1121 Ni Firmware
cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:*:*:*:*:*:*:*
Zyxel/Nwa1123 Ac Firmware
cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:*:*:*:*:*:*:*
Zyxel/Nwa1123 Ni Firmware
cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:*:*:*:*:*:*:*
Zyxel/P 660hn 51 Firmware2 versions
cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*
- (no CPE)
Zyxel/P 663hn 51 Firmware
cpe:2.3:o:zyxel:p-663hn-51_firmware:-:*:*:*:*:*:*:*
Zyxel/P8702n Firmware
cpe:2.3:o:zyxel:p8702n_firmware:-:*:*:*:*:*:*:*
Zyxel/Pmg5318 B20a Firmware
cpe:2.3:o:zyxel:pmg5318-b20a_firmware:-:*:*:*:*:*:*:*
Zyxel/Q1000 Firmware
cpe:2.3:o:zyxel:q1000_firmware:-:*:*:*:*:*:*:*
Zyxel/Sbg3300 N000 Firmware
cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*
Zyxel/Sbg3300 Nb00 Firmware
cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*
Zyxel/Sbg3500 N000 Firmware
cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg1312 B10a Firmware
cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg1312 B30a Firmware
cpe:2.3:o:zyxel:vmg1312-b30a_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg1312 B30b Firmware
cpe:2.3:o:zyxel:vmg1312-b30b_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg4380 B10a Firmware
cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg8324 B10a Firmware
cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg8924 B10a Firmware
cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*
Zyxel/Vmg8924 B30a Firmware
cpe:2.3:o:zyxel:vmg8924-b30a_firmware:-:*:*:*:*:*:*:*
Zyxel/Vsg1435 B101 Firmware
cpe:2.3:o:zyxel:vsg1435-b101_firmware:-:*:*:*:*:*:*:*
Zyxel/NWA1100-Nllm-fuzzy
Zyxel/GS1900-48llm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/566724nvdThird Party AdvisoryUS Government Resource
www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000