CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version 

V2.70(AAHH.3)and the GS1900-8HP firmware versionV2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ZyxelCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
zyxelgs1900-8_firmware
2.70\(aahh.3\)
zyxelgs1900-8hp_firmware
2.70\(aahi.3\)
zyxelgs1900-10hp_firmware
2.70\(aazi.3\)
zyxelgs1900-16_firmware
2.70\(aahj.3\)
zyxelgs1900-24_firmware
2.70\(aahl.3\)
zyxelgs1900-24e_firmware
2.70\(aahk.3\)
zyxelgs1900-24ep_firmware
2.70\(abto.3\)
zyxelgs1900-24hpv2_firmware
2.70\(abtp.3\)
zyxelgs1900-48_firmware
2.70\(aahn.3\)
zyxelgs1900-48hpv2_firmware
2.70\(abtq.3\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches