CVE-2022-34746 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-34746

Analyzed

More Info Official Page

Source-security@zyxel.com.tw

Published At-20 Sep, 2022 | 02:15

Updated At-22 Sep, 2022 | 12:56

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Zyxel Networks Corporation

>>gs1900-8_firmware>>Versions before 2.70\(aahh.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-8hp_firmware>>Versions before 2.70\(aahi.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-8hp>>-

cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-10hp_firmware>>Versions before 2.70\(aazi.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-10hp>>-

cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-16_firmware>>Versions before 2.70\(aahj.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24_firmware>>Versions before 2.70\(aahl.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24e_firmware>>Versions before 2.70\(aahk.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24e>>-

cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24ep_firmware>>Versions before 2.70\(abto.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24ep>>-

cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24hpv2_firmware>>Versions before 2.70\(abtp.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-24hpv2>>-

cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-48_firmware>>Versions before 2.70\(aahn.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-48hpv2_firmware>>Versions before 2.70\(abtq.3\)c0(exclusive)

cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*

Zyxel Networks Corporation

>>gs1900-48hpv2>>-

cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-331	Primary	nvd@nist.gov
CWE-331	Secondary	security@zyxel.com.tw

CWE ID: CWE-331

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-331

Type: Secondary

Source: security@zyxel.com.tw

References

Hyperlink	Source	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches	security@zyxel.com.tw	Patch Vendor Advisory

Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches

Source: security@zyxel.com.tw

Resource:

Patch

Vendor Advisory