zyxel pmg5318-b20a_firmware Security Vulnerabilities

4 Vulnerabilities
Description

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.

Impacted versions: *

Base Score: 10.0, Severity: HIGH, ID: CVE-2015-6018, Last Modified: 2017-09-15T01:29:00Z


ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.

Impacted versions: v100aanc0b5

Base Score: 8.3, Severity: HIGH, ID: CVE-2015-6020, Last Modified: 2016-12-07T18:17:00Z


ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.

Impacted versions: v100aanc0b5

Base Score: 10.0, Severity: HIGH, ID: CVE-2015-6016, Last Modified: 2016-12-07T18:17:00Z


CWE-330: Use of Insufficiently Random Values (http://cwe.mitre.org/data/definitions/330.html)

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Impacted versions: v100aanc0b5

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2015-6019, Last Modified: 2016-12-07T18:17:00Z
