Privilege Escalation Vulnerability in Zyxel GS1900 Series Switches
CVE-2022-45853

6.7MEDIUM

Key Information:

Vendor: Zyxel
Status: Gs1900-8HP Firmware; Gs1900-8 Firmware
Vendor: CVE Published:; 30 May 2023

Summary

A privilege escalation vulnerability exists in the firmware of Zyxel GS1900 series switches, specifically in the GS1900-8 and GS1900-8HP models. This flaw allows an authenticated local attacker with administrative rights to execute arbitrary system commands at the root level via SSH, potentially compromising the integrity and security of the device. Users are urged to apply firmware updates to mitigate this vulnerability.

Affected Version(s)

GS1900-8 firmware V2.70(AAHH.3)

GS1900-8HP firmware V2.70(AAHI.3)

References

https://www.zyxel.com/global/en/support/security-advisori...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2023
Vulnerability Reserved
Nov 23, 2022