Vulnerabilities > CVE-2022-45853 - Unspecified vulnerability in Zyxel products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

zyxel

NVD

Published: 2023-05-30

Updated: 2023-06-06

Summary

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Gs1900 8 Firmware 2.70\(Aahh.3\) Zyxel Gs1900 8HP Firmware 2.70\(Aahi.3\) Zyxel Gs1900 10Hp Firmware 2.70\(Aazi.3\) Zyxel Gs1900 16 Firmware 2.70\(Aahj.3\) Zyxel Gs1900 24 Firmware 2.70\(Aahl.3\) Zyxel Gs1900 24E Firmware 2.70\(Aahk.3\) Zyxel Gs1900 24Ep Firmware 2.70\(Abto.3\) Zyxel Gs1900 24Hpv2 Firmware 2.70\(Abtp.3\) Zyxel Gs1900 48 Firmware 2.70\(Aahn.3\) Zyxel Gs1900 48Hpv2 Firmware 2.70\(Abtq.3\)	10
Hardware	Zyxel Zyxel Gs1900 8 - Zyxel Gs1900 8HP - Zyxel Gs1900 10Hp - Zyxel Gs1900 16 - Zyxel Gs1900 24 - Zyxel Gs1900 24E - Zyxel Gs1900 24Ep - Zyxel Gs1900 24Hpv2 - Zyxel Gs1900 48 - Zyxel Gs1900 48Hpv2 -	10

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches