CVE-2022-45853

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

he privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches	Vendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:gs1900-8_firmware:2.70\(aahh.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70\(aahi.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70\(aazi.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:gs1900-16_firmware:2.70\(aahj.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:gs1900-24_firmware:2.70\(aahl.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70\(aahk.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70\(abto.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70\(abtp.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:gs1900-48_firmware:2.70\(aahn.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70\(abtq.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*

History

10 Jan 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-276

21 Nov 2024, 07:29

Type	Values Removed	Values Added
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches - Vendor Advisory~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches - Vendor Advisory

Information

Published : 2023-05-30 11:15

Updated : 2025-01-10 18:15

NVD link : CVE-2022-45853

Mitre link : CVE-2022-45853

CVE.ORG link : CVE-2022-45853

JSON object : View

Products Affected

zyxel

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo CWE-276

Incorrect Default Permissions

6.7 /10