CVE-2023-35140: Zyxel security advisory for improper privilege management vulnerability in GS1900 series switches
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
CVE: CVE-2023-35140
Summary
Zyxel has released patches for GS1900 series switches affected by an improper privilege management vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
A vulnerability in the Zyxel GS1900 series switches could allow a local authenticated user with read-only access to modify system settings on a vulnerable device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable switches that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to Alexey Morozkov for reporting the issue to us.
Revision history
2023-11-7: Initial release.