CVE-2023-35140

Published Nov 7, 2023
Last updated a year ago
CVSS medium 5.5
Overview

Description: The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
Source: security@zyxel.com.tw
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM
Weaknesses

security@zyxel.com.tw: CWE-269
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA14022B-4409-4725-BB26-2E85DC8BA02A",
            "versionEndIncluding": "2.70\\(abtq.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BB5CC06-9693-4951-BB8D-70CAF93C805E",
            "versionEndIncluding": "2.70\\(aahn.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F9A3EA9-5893-46AC-AECB-DE0A30DD0498",
            "versionEndIncluding": "2.70\\(abtp.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C96ECDC-3D00-4AA9-8E72-78ABC672D637",
            "versionEndIncluding": "2.70\\(abto.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14B4311-5435-41DF-B0AC-32156D386D41",
            "versionEndIncluding": "2.70\\(aahk.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE64CC41-E4E4-4FED-88B9-FEC05FA7B0B6",
            "versionEndIncluding": "2.70\\(aahl.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A68FFD4-FEFF-49F0-9091-9B2E5F0C707C",
            "versionEndIncluding": "2.70\\(aahj.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC5EBAF1-3805-4332-9573-70E119244A71",
            "versionEndIncluding": "2.70\\(aazi.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C6E4B8A-4EC0-4BF6-81FE-40B5AA4B68A8",
            "versionEndIncluding": "2.70\\(aahi.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13BF4CC3-F378-41D6-AAE1-4A5FA9C176C3",
            "versionEndIncluding": "2.70\\(aahh.5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
