Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7256

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Published

2017-09-28T01:29:00.670

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	nwa1100-n_firmware	-	Yes
Hardware	zyxel	nwa1100-n	-	No
Operating System	zyxel	nwa1100-nh_firmware	-	Yes
Hardware	zyxel	nwa1100-nh	-	No
Operating System	zyxel	nwa1121-ni_firmware	-	Yes
Hardware	zyxel	nwa1121-ni	-	No
Operating System	zyxel	nwa1123-ac_firmware	-	Yes
Hardware	zyxel	nwa1123-ac	-	No
Operating System	zyxel	nwa1123-ni_firmware	-	Yes
Hardware	zyxel	nwa1123-ni	-	No
Operating System	zyxel	p-660hn-51_firmware	-	Yes
Hardware	zyxel	p-660hn-51	-	No
Operating System	zyxel	p-663hn-51_firmware	-	Yes
Hardware	zyxel	p-663hn-51	-	No
Operating System	zyxel	vmg1312-b10a_firmware	-	Yes
Hardware	zyxel	vmg1312-b10a	-	No
Operating System	zyxel	vmg1312-b30a_firmware	-	Yes
Hardware	zyxel	vmg1312-b30a	-	No
Operating System	zyxel	vmg1312-b30b_firmware	-	Yes
Hardware	zyxel	vmg1312-b30b	-	No
Operating System	zyxel	vmg4380-b10a_firmware	-	Yes
Hardware	zyxel	vmg4380-b10a	-	No
Operating System	zyxel	vmg8324-b10a_firmware	-	Yes
Hardware	zyxel	vmg8324-b10a	-	No
Operating System	zyxel	vmg8924-b10a_firmware	-	Yes
Hardware	zyxel	vmg8924-b10a	-	No
Operating System	zyxel	vmg8924-b30a_firmware	-	Yes
Hardware	zyxel	vmg8924-b30a	-	No
Operating System	zyxel	vsg1435-b101_firmware	-	Yes
Hardware	zyxel	vsg1435-b101	-	No
Operating System	zyxel	pmg5318-b20a_firmware	-	Yes
Hardware	zyxel	pmg5318-b20a	-	No
Operating System	zyxel	sbg3300-n000_firmware	-	Yes
Hardware	zyxel	sbg3300-n000	-	No
Operating System	zyxel	sbg3300-nb00_firmware	-	Yes
Hardware	zyxel	sbg3300-nb00	-	No
Operating System	zyxel	sbg3500-n000_firmware	-	Yes
Hardware	zyxel	sbg3500-n000	-	No
Operating System	zyxel	gs1900-8_firmware	-	Yes
Hardware	zyxel	gs1900-8	-	No
Operating System	zyxel	gs1900-24_firmware	-	Yes
Hardware	zyxel	gs1900-24	-	No
Operating System	zyxel	c1000z_firmware	-	Yes
Hardware	zyxel	c1000z	-	No
Operating System	zyxel	q1000_firmware	-	Yes
Hardware	zyxel	q1000	-	No
Operating System	zyxel	fr1000z_firmware	-	Yes
Hardware	zyxel	fr1000z	-	No
Operating System	zyxel	p8702n_firmware	-	Yes
Hardware	zyxel	p8702n	-	No

References

http://www.kb.cert.org/vuls/id/566724 Third Party Advisory, US Government Resource ([email protected])
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/566724 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)