Vulnerability Details CVE-2023-35140
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 5.5
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches
Products affected by CVE-2023-35140
-
cpe:2.3:h:zyxel:gs1900-10hp:-
-
cpe:2.3:h:zyxel:gs1900-16:-
-
cpe:2.3:h:zyxel:gs1900-24:-
-
cpe:2.3:h:zyxel:gs1900-24e:-
-
cpe:2.3:h:zyxel:gs1900-24ep:-
-
cpe:2.3:h:zyxel:gs1900-24hpv2:-
-
cpe:2.3:h:zyxel:gs1900-48:-
-
cpe:2.3:h:zyxel:gs1900-48hpv2:-
-
cpe:2.3:h:zyxel:gs1900-8:-
-
cpe:2.3:h:zyxel:gs1900-8hp:-
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:-
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.50(aazi.0)c0
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.3)
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.3)c0
-
cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70(aazi.5)
-
cpe:2.3:o:zyxel:gs1900-16_firmware:-
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.50(aahj.0)c0
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.3)
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.3)c0
-
cpe:2.3:o:zyxel:gs1900-16_firmware:2.70(aahj.5)
-
cpe:2.3:o:zyxel:gs1900-24_firmware:-
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.50(aahl.0)c0
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.3)
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.3)c0
-
cpe:2.3:o:zyxel:gs1900-24_firmware:2.70(aahl.5)
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:-
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.50(aahk.0)c0
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.3)
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.3)c0
-
cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70(aahk.5)
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.3)
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.3)c0
-
cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70(abto.5)
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(aatp.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.3)
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.3)c0
-
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70(abtp.5)
-
cpe:2.3:o:zyxel:gs1900-48_firmware:-
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.50(aahn.0)c0
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.3)
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.3)c0
-
cpe:2.3:o:zyxel:gs1900-48_firmware:2.70(aahn.5)
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.3)
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.3)c0
-
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70(abtq.5)
-
cpe:2.3:o:zyxel:gs1900-8_firmware:-
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.50(aaho.0)c0
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.3)
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.3)c0
-
cpe:2.3:o:zyxel:gs1900-8_firmware:2.70(aahh.5)
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:-
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.40
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.50(aahi.0)c0
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.0)-20211208
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.3)
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.3)c0
-
cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70(aahi.5)