CVE-2022-45853

MEDIUM

Zyxel GS1900 Series Firmware V2.70 - Authenticated Privilege Escalation via SSH

Title source: llm

Description

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

Scores

CVSS v3 6.7
EPSS 0.0003
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269 CWE-276
Status published
Products (10)
zyxel/gs1900-10hp_firmware 2.70\(aazi.3\)
zyxel/gs1900-16_firmware 2.70\(aahj.3\)
zyxel/gs1900-24_firmware 2.70\(aahl.3\)
zyxel/gs1900-24e_firmware 2.70\(aahk.3\)
zyxel/gs1900-24ep_firmware 2.70\(abto.3\)
zyxel/gs1900-24hpv2_firmware 2.70\(abtp.3\)
zyxel/gs1900-48_firmware 2.70\(aahn.3\)
zyxel/gs1900-48hpv2_firmware 2.70\(abtq.3\)
zyxel/gs1900-8_firmware 2.70\(aahh.3\)
zyxel/gs1900-8hp_firmware 2.70\(aahi.3\)
Published May 30, 2023
Tracked Since Feb 18, 2026