CVE-2022-45853

Published: May 30, 2023Modified: Jan 10, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

Affected (10)

Products: Zyxel: Gs1900 8 Firmware, Gs1900 8hp Firmware, Gs1900 10hp Firmware, Gs1900 16 Firmware, Gs1900 24 Firmware, Gs1900 24e Firmware, Gs1900 24ep Firmware, Gs1900 24hpv2 Firmware, Gs1900 48 Firmware, Gs1900 48hpv2 Firmware

10 products

Gs1900 24hpv2 Firmware

Gs1900 48 Firmware

Gs1900 48hpv2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 8 Firmware	Version 2.70(aahh.3)

Running on/with	Platform Versions
Zyxel Gs1900 8	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 8hp Firmware	Version 2.70(aahi.3)

Running on/with	Platform Versions
Zyxel Gs1900 8hp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 10hp Firmware	Version 2.70(aazi.3)

Running on/with	Platform Versions
Zyxel Gs1900 10hp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 16 Firmware	Version 2.70(aahj.3)

Running on/with	Platform Versions
Zyxel Gs1900 16	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24 Firmware	Version 2.70(aahl.3)

Running on/with	Platform Versions
Zyxel Gs1900 24	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24e Firmware	Version 2.70(aahk.3)

Running on/with	Platform Versions
Zyxel Gs1900 24e	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24ep Firmware	Version 2.70(abto.3)

Running on/with	Platform Versions
Zyxel Gs1900 24ep	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24hpv2 Firmware	Version 2.70(abtp.3)

Running on/with	Platform Versions
Zyxel Gs1900 24hpv2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 48 Firmware	Version 2.70(aahn.3)

Running on/with	Platform Versions
Zyxel Gs1900 48	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 48hpv2 Firmware	Version 2.70(abtq.3)

Running on/with	Platform Versions
Zyxel Gs1900 48hpv2	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.