CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

History

14 Nov 2023, 18:27

Type Values Removed Values Added
References () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches - () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches - Not Applicable, Vendor Advisory
First Time Zyxel
Zyxel gs1900-48 Firmware
Zyxel gs1900-24e
Zyxel gs1900-48
Zyxel gs1900-24 Firmware
Zyxel gs1900-24hpv2
Zyxel gs1900-10hp
Zyxel gs1900-48hpv2 Firmware
Zyxel gs1900-8hp
Zyxel gs1900-24e Firmware
Zyxel gs1900-24hpv2 Firmware
Zyxel gs1900-48hpv2
Zyxel gs1900-16 Firmware
Zyxel gs1900-8
Zyxel gs1900-24ep Firmware
Zyxel gs1900-8hp Firmware
Zyxel gs1900-24ep
Zyxel gs1900-16
Zyxel gs1900-10hp Firmware
Zyxel gs1900-8 Firmware
Zyxel gs1900-24
CPE cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*

07 Nov 2023, 12:14

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-07 05:15

Updated : 2023-12-10 15:14


NVD link : CVE-2023-35140

Mitre link : CVE-2023-35140

CVE.ORG link : CVE-2023-35140


JSON object : View

Products Affected

zyxel

  • gs1900-8hp
  • gs1900-24hpv2_firmware
  • gs1900-16
  • gs1900-48hpv2_firmware
  • gs1900-10hp_firmware
  • gs1900-10hp
  • gs1900-24
  • gs1900-48
  • gs1900-8
  • gs1900-24hpv2
  • gs1900-8_firmware
  • gs1900-16_firmware
  • gs1900-8hp_firmware
  • gs1900-24ep
  • gs1900-48_firmware
  • gs1900-24_firmware
  • gs1900-24e
  • gs1900-48hpv2
  • gs1900-24ep_firmware
  • gs1900-24e_firmware
CWE
CWE-269

Improper Privilege Management