VYPR
Unrated severityNVD Advisory· Published Nov 14, 2019· Updated Aug 5, 2024

CVE-2019-15803

CVE-2019-15803

Description

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zyxel/GS1900 devicesdescription
  • Zyxel/GS1900-8llm-fuzzy
    Range: < 2.50(AAHH.0)C0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.