CVE-2022-34746

N/A

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

信息熵不充分

Zyxel GS1900 安全特征问题特征问题漏洞

Zyxel GS1900是中国台湾合勤（Zyxel）公司的一款管理型交换机。 Zyxel GS1900 系列 V2.70之前版本存在安全特征问题漏洞，该漏洞源于不正确的使用低熵随机源生成RSA密钥。攻击者利用该漏洞通过在web管理界面的证书中考虑RSA模数N来检索私钥。

N/A

N/A