CVE-2022-34746

Insufficient Entropy (CWE-331)

Published: Sep 20, 2022 / Updated: 26mo ago

CVSS 5.9 (Medium) / EPSS 0.07%

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-34746.

Sep 20, 2022 at 1:57 AM / twitter.com

EPSS

EPSS Score was set to: 0.07% (Percentile: 30.2%)

Sep 18, 2023 at 8:49 PM

Affected Systems

Zyxel/gs1900-10hp_firmware

Patches

www.zyxel.com

Attack Patterns

CAPEC-59: Session Credential Falsification through Prediction

News

Live-Hack-CVE/CVE-2022-34746: An insufficient entropy vulnerability caused by the improper use of randomness ... - GitHub
Insufficient Entropy in Zyxel GS1900 series switches
A remote attacker can retrieve a private key. The vulnerability allows a remote attacker to gain access to sensitive information on the system.
CVE-2022-34746
- CVSS Scores & Vulnerability Types If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores.
🚨 NEW: CVE-2022-34746 🚨 An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior t... (click for more) https://nvd.nist.gov/vuln/detail/CVE-2022-34746

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
