CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware versionV2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
ZyxelCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
zyxelgs1900-48hpv2_firmware
𝑥
≤ 2.70\(abtq.5\)
zyxelgs1900-48_firmware
𝑥
≤ 2.70\(aahn.5\)
zyxelgs1900-24hpv2_firmware
𝑥
≤ 2.70\(abtp.5\)
zyxelgs1900-24ep_firmware
𝑥
≤ 2.70\(abto.5\)
zyxelgs1900-24e_firmware
𝑥
≤ 2.70\(aahk.5\)
zyxelgs1900-24_firmware
𝑥
≤ 2.70\(aahl.5\)
zyxelgs1900-16_firmware
𝑥
≤ 2.70\(aahj.5\)
zyxelgs1900-10hp_firmware
𝑥
≤ 2.70\(aazi.5\)
zyxelgs1900-8hp_firmware
𝑥
≤ 2.70\(aahi.5\)
zyxelgs1900-8_firmware
𝑥
≤ 2.70\(aahh.5\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches