Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15815

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.

Published

2019-11-12T18:15:11.173

Last Modified

2024-11-21T04:29:31.457

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	2.00\(abbx.3\)	-	Yes
Hardware	zyxel	p-1302-t10d	3.0	No

References

https://www.zyxel.com/support/P1302-T10D-v3-modem-insecure-direct-object-reference-vulnerability.shtml Patch, Vendor Advisory ([email protected])
https://www.zyxel.com/support/P1302-T10D-v3-modem-insecure-direct-object-reference-vulnerability.shtml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)