How severe is CVE-2019-15800?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-15800?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2019-15800 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)

Related Vulnerabilities

CVE-1999-0043

CRITICAL

CVSS:9.8(Critical)

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

CWE-781999

CVE-2005-10003

MEDIUM

CVSS:9.8(Critical)

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possib...

CWE-782005

CVE-2011-2195

CRITICAL

CVSS:9.8(Critical)

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument ...

CWE-782011

CVE-2011-2523

CRITICAL

CVSS:9.8(Critical)

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

CWE-782011

CVE-2012-5878

CRITICAL

CVSS:9.8(Critical)

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (...

CWE-782012

CVE-2013-1599

CRITICAL

CVSS:9.8(Critical)

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-110...

CWE-782013