CVE-2023-35140

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

La vulnerabilidad de administración de privilegios inadecuada en Zyxel GS1900-24EP switch firmware versión V2.70 (ABTO.5) podría permitir que un usuario local autenticado con acceso de solo lectura modifique la configuración del sistema en un dispositivo vulnerable.

*Credits: N/A

CVSS Scores

Zyxel Corporationv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-06-14 CVE Reserved
2023-11-07 CVE Published
2023-11-07 EPSS Updated
2024-09-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches	2023-11-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zyxel Search vendor "Zyxel"	Gs1900-48hpv2 Firmware Search vendor "Zyxel" for product "Gs1900-48hpv2 Firmware"	<= 2.70\(abtq.5\) Search vendor "Zyxel" for product "Gs1900-48hpv2 Firmware" and version " <= 2.70\(abtq.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-48hpv2 Search vendor "Zyxel" for product "Gs1900-48hpv2"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-48 Firmware Search vendor "Zyxel" for product "Gs1900-48 Firmware"	<= 2.70\(aahn.5\) Search vendor "Zyxel" for product "Gs1900-48 Firmware" and version " <= 2.70\(aahn.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-48 Search vendor "Zyxel" for product "Gs1900-48"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24hpv2 Firmware Search vendor "Zyxel" for product "Gs1900-24hpv2 Firmware"	<= 2.70\(abtp.5\) Search vendor "Zyxel" for product "Gs1900-24hpv2 Firmware" and version " <= 2.70\(abtp.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24hpv2 Search vendor "Zyxel" for product "Gs1900-24hpv2"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24ep Firmware Search vendor "Zyxel" for product "Gs1900-24ep Firmware"	<= 2.70\(abto.5\) Search vendor "Zyxel" for product "Gs1900-24ep Firmware" and version " <= 2.70\(abto.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24ep Search vendor "Zyxel" for product "Gs1900-24ep"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24e Firmware Search vendor "Zyxel" for product "Gs1900-24e Firmware"	<= 2.70\(aahk.5\) Search vendor "Zyxel" for product "Gs1900-24e Firmware" and version " <= 2.70\(aahk.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24e Search vendor "Zyxel" for product "Gs1900-24e"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24 Firmware Search vendor "Zyxel" for product "Gs1900-24 Firmware"	<= 2.70\(aahl.5\) Search vendor "Zyxel" for product "Gs1900-24 Firmware" and version " <= 2.70\(aahl.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24 Search vendor "Zyxel" for product "Gs1900-24"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-16 Firmware Search vendor "Zyxel" for product "Gs1900-16 Firmware"	<= 2.70\(aahj.5\) Search vendor "Zyxel" for product "Gs1900-16 Firmware" and version " <= 2.70\(aahj.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-16 Search vendor "Zyxel" for product "Gs1900-16"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-10hp Firmware Search vendor "Zyxel" for product "Gs1900-10hp Firmware"	<= 2.70\(aazi.5\) Search vendor "Zyxel" for product "Gs1900-10hp Firmware" and version " <= 2.70\(aazi.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-10hp Search vendor "Zyxel" for product "Gs1900-10hp"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-8hp Firmware Search vendor "Zyxel" for product "Gs1900-8hp Firmware"	<= 2.70\(aahi.5\) Search vendor "Zyxel" for product "Gs1900-8hp Firmware" and version " <= 2.70\(aahi.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-8hp Search vendor "Zyxel" for product "Gs1900-8hp"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-8 Firmware Search vendor "Zyxel" for product "Gs1900-8 Firmware"	<= 2.70\(aahh.5\) Search vendor "Zyxel" for product "Gs1900-8 Firmware" and version " <= 2.70\(aahh.5\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-8 Search vendor "Zyxel" for product "Gs1900-8"	-	-	Safe