CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version

V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

Published: May 30, 2023
Updated: Jun 7, 2023
CVE: CVE-2022-45853
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

Affected Software
References

Software	From	Fixed in
zyxel / gs1900-8_firmware	2.70(aahh.3)	2.70(aahh.3).x
zyxel / gs1900-8hp_firmware	2.70(aahi.3)	2.70(aahi.3).x
zyxel / gs1900-10hp_firmware	2.70(aazi.3)	2.70(aazi.3).x
zyxel / gs1900-16_firmware	2.70(aahj.3)	2.70(aahj.3).x
zyxel / gs1900-24_firmware	2.70(aahl.3)	2.70(aahl.3).x
zyxel / gs1900-24e_firmware	2.70(aahk.3)	2.70(aahk.3).x
zyxel / gs1900-24ep_firmware	2.70(abto.3)	2.70(abto.3).x
zyxel / gs1900-24hpv2_firmware	2.70(abtp.3)	2.70(abtp.3).x
zyxel / gs1900-48_firmware	2.70(aahn.3)	2.70(aahn.3).x
zyxel / gs1900-48hpv2_firmware	2.70(abtq.3)	2.70(abtq.3).x

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches

Vulnerability Database

289,689

CVE-2022-45853