PT-2015-3209 · Zyxel · Zyxel Pmg5318-B20A

Karn Ganeshen

Published

2015-12-31

Updated

2016-12-07

CVE-2015-6019

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ZyXEL PMG5318-B20A version 1.00AANC0b5

Description The issue exists due to the management portal not terminating sessions after a logout action. This allows a remote attacker to bypass access restrictions by leveraging an unattended workstation.

Recommendations For version 1.00AANC0b5, ensure that sessions are properly terminated after logout to prevent unauthorized access. As a temporary workaround, consider manually terminating sessions or restricting access to the management portal when not in use.

Fix

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330

Related Identifiers

BDU:2016-00929

CVE-2015-6019

Affected Products

Zyxel Pmg5318-B20A

PT-2015-3209 · Zyxel · Zyxel Pmg5318-B20A

CVE-2015-6019

Weakness Enumeration

Related Identifiers

Affected Products

References · 5