An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
History
22 Sep 2022, 12:56
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-331 | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 5.9 |
First Time | Zyxel gs1900-24hpv2, Zyxel gs1900-8, Zyxel gs1900-16 Firmware, Zyxel gs1900-48hpv2 Firmware, Zyxel, Zyxel gs1900-8hp, Zyxel gs1900-24ep Firmware, Zyxel gs1900-48hpv2, Zyxel gs1900-10hp Firmware, Zyxel gs1900-24 Firmware, Zyxel gs1900-48 Firmware, Zyxel gs1900-16, Zyxel gs1900-24hpv2 Firmware, Zyxel gs1900-24e, Zyxel gs1900-10hp, Zyxel gs1900-24, Zyxel gs1900-8 Firmware, Zyxel gs1900-24e Firmware, Zyxel gs1900-48, Zyxel gs1900-8hp Firmware, Zyxel gs1900-24ep | |
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:* | |
20 Sep 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2022-09-20 02:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-34746
Mitre link : CVE-2022-34746
CVE.ORG link : CVE-2022-34746
Products Affected
zyxel
- gs1900-10hp
- gs1900-48hpv2
- gs1900-8_firmware
- gs1900-16_firmware
- gs1900-24hpv2_firmware
- gs1900-8hp
- gs1900-24_firmware
- gs1900-8hp_firmware
- gs1900-24ep_firmware
- gs1900-8
- gs1900-48
- gs1900-24e
- gs1900-24ep
- gs1900-24
- gs1900-48hpv2_firmware
- gs1900-16
- gs1900-24e_firmware
- gs1900-48_firmware
- gs1900-24hpv2
- gs1900-10hp_firmware
CWE
CWE-331
Insufficient Entropy