Unrated severityNVD Advisory· Published Nov 14, 2019· Updated Aug 5, 2024
CVE-2019-15804
CVE-2019-15804
Description
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zyxel/GS1900 devicesdescription
Patches
Vulnerability mechanics
References
2- jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.htmlmitrex_refsource_MISC
- www.zyxel.com/support/gs1900-switch-vulnerabilities.shtmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.