1. CVE-Search
  2. CVE-2015-7256
ID CVE-2015-7256
Summary ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.
References
Vulnerable Configurations
  • cpe:2.3:o:zyxel:nwa1100-n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:nwa1100-n_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:nwa1100-n:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:nwa1100-n:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:nwa1100-nh:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:nwa1100-nh:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:nwa1121-ni:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:nwa1121-ni:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:nwa1123-ac:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:nwa1123-ac:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:nwa1123-ni:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:nwa1123-ni:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:p-660hn-51:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:p-660hn-51:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:p-663hn-51_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:p-663hn-51_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:p-663hn-51:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:p-663hn-51:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg1312-b30a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg1312-b30a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg1312-b30a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg1312-b30a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg1312-b30b_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg1312-b30b_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg1312-b30b:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg1312-b30b:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vmg8924-b30a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vmg8924-b30a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vmg8924-b30a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vmg8924-b30a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:vsg1435-b101_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:vsg1435-b101_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:vsg1435-b101:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:vsg1435-b101:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:pmg5318-b20a_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:pmg5318-b20a_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:pmg5318-b20a:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:pmg5318-b20a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:sbg3500-n000:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:sbg3500-n000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:gs1900-8_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:gs1900-8_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:gs1900-24_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:gs1900-24_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:c1000z_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:c1000z_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:c1000z:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:c1000z:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:q1000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:q1000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:q1000:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:q1000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:fr1000z_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:fr1000z_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:fr1000z:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:fr1000z:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:p8702n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:p8702n_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:p8702n:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:p8702n:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-10-2017 - 17:59)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
cert-vn VU#566724
confirm http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml
Last major update 11-10-2017 - 17:59
Published 28-09-2017 - 01:29
Last modified 11-10-2017 - 17:59
Back to Top