CVE-2023-35140

Published: Nov 7, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: security@zyxel.com.tw (Secondary)

Description

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

Affected (10)

Products: Zyxel: Gs1900 48hpv2 Firmware, Gs1900 48 Firmware, Gs1900 24hpv2 Firmware, Gs1900 24ep Firmware, Gs1900 24e Firmware, Gs1900 24 Firmware, Gs1900 16 Firmware, Gs1900 10hp Firmware, Gs1900 8hp Firmware, Gs1900 8 Firmware

Zyxel

10 products

Gs1900 48hpv2 Firmware

Gs1900 48 Firmware

Gs1900 24hpv2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 48hpv2 Firmware	Up to 2.70\(abtq.5\)

Running on/with	Platform Versions
Zyxel Gs1900 48hpv2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 48 Firmware	Up to 2.70\(aahn.5\)

Running on/with	Platform Versions
Zyxel Gs1900 48	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24hpv2 Firmware	Up to 2.70\(abtp.5\)

Running on/with	Platform Versions
Zyxel Gs1900 24hpv2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24ep Firmware	Up to 2.70\(abto.5\)

Running on/with	Platform Versions
Zyxel Gs1900 24ep	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24e Firmware	Up to 2.70\(aahk.5\)

Running on/with	Platform Versions
Zyxel Gs1900 24e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 24 Firmware	Up to 2.70\(aahl.5\)

Running on/with	Platform Versions
Zyxel Gs1900 24	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 16 Firmware	Up to 2.70\(aahj.5\)

Running on/with	Platform Versions
Zyxel Gs1900 16	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 10hp Firmware	Up to 2.70\(aazi.5\)

Running on/with	Platform Versions
Zyxel Gs1900 10hp	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 8hp Firmware	Up to 2.70\(aahi.5\)

Running on/with	Platform Versions
Zyxel Gs1900 8hp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Gs1900 8 Firmware	Up to 2.70\(aahh.5\)

Running on/with	Platform Versions
Zyxel Gs1900 8	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches

Source: security@zyxel.com.tw

Not ApplicableVendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

Timeline

No history available yet.