Zywall 110 Firmware
CVE-2018-9129
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.
AnalysisAI
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. Affected products include: Zyxel Zywall 110 Firmware, Zyxel Zywall 1100 Firmware, Zyxel Zywall 310 Firmware, Zyxel Zywall Vpn 50 Firmware, Zyxel Zywall Vpn 100 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Zywall 110 Firmware
View allAn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attack
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, U
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versio
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today