An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-14T20:15:46
Updated: 2024-08-05T00:56:22.466Z
Reserved: 2019-08-29T00:00:00
Link: CVE-2019-15804
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-14T21:15:11.953
Modified: 2024-11-21T04:29:30.103
Link: CVE-2019-15804
Redhat
No data.