CVE-2019-15803 - Zyxel Gs1900-8hp Firmware, Zyxel Gs1900-24hp Firmware and Zyxel Gs1900-8 Firmware

Critical 9.1

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.

Affected software

Zyxel Gs1900-8hp Firmware

Zyxel Gs1900-24hp Firmware

Zyxel Gs1900-8 Firmware

Zyxel Gs1900-10hp Firmware

Zyxel Gs1900-16 Firmware

Zyxel Gs1900-24e Firmware

Zyxel Gs1900-24 Firmware

Zyxel Gs1900-48 Firmware

Zyxel Gs1900-48hp Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.