CVE-2024-38270 MEDIUM

Vendor Zyxel
Product GS1900-10HP firmware
Weakness CWE-331
Published September 10, 2024
Last update September 10, 2024

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

An insufficient entropy vulnerability exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0, caused by the improper use of a low-entropy randomness function to generate web authentication tokens. This vulnerability could give a LAN-based attacker a slight chance of obtaining a valid session token if multiple authenticated sessions are alive.

Key dates

02 Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated