CVE-2015-7256

Severity CVSS v4.0:

Pending analysis

Type:

CWE-310 Cryptographic Issues

Publication date:

28/09/2017

Last modified:

20/04/2025

Description

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.90 MEDIUM
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

5.90

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:M/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

4.30

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:zyxel:nwa1100-n_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1100-n:-:::::::*
cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1100-nh:-:::::::*
cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1121-ni:-:::::::*
cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1123-ac:-:::::::*
cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1123-ni:-:::::::*
cpe:2.3:o:zyxel:p-660hn-51_firmware:-:::::::*
cpe:2.3:h:zyxel:p-660hn-51:-:::::::*
cpe:2.3:o:zyxel:p-663hn-51_firmware:-:::::::*
cpe:2.3:h:zyxel:p-663hn-51:-:::::::*
cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:zyxel:nwa1100-n_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1100-n:-:::::::*
cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1100-nh:-:::::::*
cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1121-ni:-:::::::*
cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1123-ac:-:::::::*
cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:::::::*
cpe:2.3:h:zyxel:nwa1123-ni:-:::::::*
cpe:2.3:o:zyxel:p-660hn-51_firmware:-:::::::*
cpe:2.3:h:zyxel:p-660hn-51:-:::::::*
cpe:2.3:o:zyxel:p-663hn-51_firmware:-:::::::*
cpe:2.3:h:zyxel:p-663hn-51:-:::::::*
cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:::::::*

CVE-2015-7256

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools