Vulnerability Details CVE-2024-38270
An insufficient entropy vulnerability, caused by the improper use of a low-entropy randomness function to generate web authentication tokens, exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.9%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2024-38270
- cpe:2.3:h:zyxel:gs1900-10hp:-
- cpe:2.3:h:zyxel:gs1900-16:-
- cpe:2.3:h:zyxel:gs1900-24:-
- cpe:2.3:h:zyxel:gs1900-24e:-
- cpe:2.3:h:zyxel:gs1900-24ep:-
- cpe:2.3:h:zyxel:gs1900-24hpv2:-
- cpe:2.3:h:zyxel:gs1900-48:-
- cpe:2.3:h:zyxel:gs1900-48hpv2:-
- cpe:2.3:h:zyxel:gs1900-8:-
- cpe:2.3:h:zyxel:gs1900-8hp:-
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:-
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.50(aazi.0)c0
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.0)-20211208
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.3)
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.3)c0
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.5)
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.80(aazi.0)
- cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.80(aazi.0)c0
- cpe:2.3:o:zyxel:gs1900-16_firmware:-
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.50(aahj.0)c0
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.0)-20211208
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.3)
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.3)c0
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.5)
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.80(aahj.0)
- cpe:2.3:o:zyxel:gs1900-16_firmware:2.80(aahj.0)c0
- cpe:2.3:o:zyxel:gs1900-24_firmware:-
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.50(aahl.0)c0
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.0)-20211208
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.3)
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.3)c0
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.5)
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.80(aahl.0)
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.80(aahl.0)c0
- cpe:2.3:o:zyxel:gs1900-24_firmware:2.80(aahl.1)c0
- cpe:2.3:o:zyxel:gs1900-24e_firmware:-
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.50(aahk.0)c0
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.0)-20211208
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.3)
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.3)c0
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.5)
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.80(aahk.0)
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.80(aahk.0)c0
- cpe:2.3:o:zyxel:gs1900-24e_firmware:2.80(aahk.1)c0
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.0)-20211208
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.3)
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.3)c0
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.5)
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.80(abto.0)
- cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.80(abto.0)c0
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(aatp.0)-20211208
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.3)
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.3)c0
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.5)
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.80(abtp.0)
- cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.80(abtp.0)c0
- cpe:2.3:o:zyxel:gs1900-48_firmware:-
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.50(aahn.0)c0
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.0)-20211208
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.3)
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.3)c0
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.5)
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.80(aahn.0)
- cpe:2.3:o:zyxel:gs1900-48_firmware:2.80(aahn.0)c0
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.0)-20211208
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.3)
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.3)c0
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.5)
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.80(abtq.0)
- cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.80(abtq.0)c0
- cpe:2.3:o:zyxel:gs1900-8_firmware:-
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.50(aaho.0)c0
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.0)-20211208
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.3)
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.3)c0
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.5)
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.80(aahh.0)
- cpe:2.3:o:zyxel:gs1900-8_firmware:2.80(aahh.0)c0
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:-
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.40
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.50(aahi.0)c0
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.0)-20211208
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.3)
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.3)c0
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.5)
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.80(aahi.0)
- cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.80(aahi.0)c0