CVE-2022-34746

MEDIUM Year: 2022
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-331
View all →

Vulnerability Description

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

Related Vulnerabilities

CVE-2016-2564

MEDIUM
CVSS:5.9(Medium)

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board ...

CWE-3312016

CVE-2023-26154

MEDIUM
CVSS:5.9(Medium)

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of ...

CWE-3312023

CVE-2023-36610

MEDIUM
CVSS:5.9(Medium)

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token ar...

CWE-3312023

CVE-2024-26329

MEDIUM
CVSS:6.2(Medium)

Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function.

CWE-3312024

CVE-2017-2625

MEDIUM
CVSS:5.5(Medium)

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from...

CWE-3312017

CVE-2017-2626

MEDIUM
CVSS:5.5(Medium)

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the proce...

CWE-3312017