CVE-2023-35140: Zyxel security advisory for improper privilege management vulnerability in GS1900 series switches | Zyxel Networks

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

CVE: CVE-2023-35140

Summary

Zyxel has released patches for GS1900 series switches affected by an improper privilege management vulnerability. Users are advised to install them for optimal protection.

What is the vulnerability?

A vulnerability in the Zyxel GS1900 series switches could allow a local authenticated user with read-only access to modify system settings on a vulnerable device.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable switches that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Acknowledgment

Thanks to Alexey Morozkov for reporting the issue to us.

Revision history

2023-11-7: Initial release.
