PT-2019-4113 · Zyxel · Zyxel Gs1900

Jasper Lievisse Adriaanse · Published 2019-11-14 · Updated 2020-08-24 · CVE-2019-15803

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Zyxel GS1900 devices with firmware prior to 2.50(AAHH.0)C0

Description

An issue was discovered in Zyxel GS1900 devices, where an undocumented sequence of keypresses triggers undocumented functionality. This includes access to a diagnostics shell via CTRL-ALT-t, which prompts for a password returned by the fds_sys_passDebugPasswd_ret() function. The firmware contains access control checks, but the function fds_sys_remoteDebugEnable_ret in libfds.so always returns TRUE without performing actual checks. This allows for reading and writing arbitrary registers and configuration parameters related to network interface chips. The vulnerability in the fds_sys_passDebugPasswd_ret() function of the libfds.so library is due to insufficient input validation, which can be exploited by a remote attacker to elevate privileges.

Recommendations

For Zyxel GS1900 devices with firmware prior to 2.50(AAHH.0)C0, update the firmware to version 2.50(AAHH.0)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the diagnostics menu and the fds_sys_passDebugPasswd_ret() function to minimize the risk of exploitation. Additionally, restrict access to the libfds.so library and its functions, such as fds_sys_remoteDebugEnable_ret, to prevent unauthorized access.

Exploit

Fix

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2019-04684
CVE-2019-15803

Affected Products

Zyxel Gs1900
Libfds.So