5.5

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

Data is provided by the National Vulnerability Database (NVD)
Zyxel Gs1900-48hpv2 Firmware Version <= 2.70(abtq.5)
   Zyxel Gs1900-48hpv2 Version -
Zyxel Gs1900-48 Firmware Version <= 2.70(aahn.5)
   Zyxel Gs1900-48 Version -
Zyxel Gs1900-24hpv2 Firmware Version <= 2.70(abtp.5)
   Zyxel Gs1900-24hpv2 Version -
Zyxel Gs1900-24ep Firmware Version <= 2.70(abto.5)
   Zyxel Gs1900-24ep Version -
Zyxel Gs1900-24e Firmware Version <= 2.70(aahk.5)
   Zyxel Gs1900-24e Version -
Zyxel Gs1900-24 Firmware Version <= 2.70(aahl.5)
   Zyxel Gs1900-24 Version -
Zyxel Gs1900-16 Firmware Version <= 2.70(aahj.5)
   Zyxel Gs1900-16 Version -
Zyxel Gs1900-10hp Firmware Version <= 2.70(aazi.5)
   Zyxel Gs1900-10hp Version -
Zyxel Gs1900-8hp Firmware Version <= 2.70(aahi.5)
   Zyxel Gs1900-8hp Version -
Zyxel Gs1900-8 Firmware Version <= 2.70(aahh.5)
   Zyxel Gs1900-8 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.05% | 0.133
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
security@zyxel.com.tw | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.