CVE-2023-35140
MEDIUMZyxel GS1900 Series Firmware < 2.70 - Authenticated Privilege Escalation via Read-Only Access
Title source: llmDescription
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
References (1)
Core 1
Core References
Not Applicable, Vendor Advisory vendor-advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
18.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
Status
published
Products (10)
zyxel/gs1900-10hp_firmware
< 2.70\(aazi.5\)
zyxel/gs1900-16_firmware
< 2.70\(aahj.5\)
zyxel/gs1900-24_firmware
< 2.70\(aahl.5\)
zyxel/gs1900-24e_firmware
< 2.70\(aahk.5\)
zyxel/gs1900-24ep_firmware
< 2.70\(abto.5\)
zyxel/gs1900-24hpv2_firmware
< 2.70\(abtp.5\)
zyxel/gs1900-48_firmware
< 2.70\(aahn.5\)
zyxel/gs1900-48hpv2_firmware
< 2.70\(abtq.5\)
zyxel/gs1900-8_firmware
< 2.70\(aahh.5\)
zyxel/gs1900-8hp_firmware
< 2.70\(aahi.5\)
Published
Nov 07, 2023
Tracked Since
Feb 18, 2026