CVE-2023-35140
published 2023-11-07CVE-2023-35140: The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNIHAN
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | gs1900-10hp_firmware | <= 2.70\(aazi.5\) | — |
| zyxel | gs1900-16_firmware | <= 2.70\(aahj.5\) | — |
| zyxel | gs1900-24_firmware | <= 2.70\(aahl.5\) | — |
| zyxel | gs1900-24e_firmware | <= 2.70\(aahk.5\) | — |
| zyxel | gs1900-24ep_firmware | <= 2.70\(abto.5\) | — |
| zyxel | gs1900-24ep_firmware | — | — |
| zyxel | gs1900-24hpv2_firmware | <= 2.70\(abtp.5\) | — |
| zyxel | gs1900-48_firmware | <= 2.70\(aahn.5\) | — |
| zyxel | gs1900-48hpv2_firmware | <= 2.70\(abtq.5\) | — |
| zyxel | gs1900-8_firmware | <= 2.70\(aahh.5\) | — |
| zyxel | gs1900-8hp_firmware | <= 2.70\(aahi.5\) | — |