1. Home
  2. CVE Database
  3. CVE-2022-45853
MEDIUM · 6.7

CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with admini...

Vulnerability Description

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ZyxelGs1900-8 Firmware2.70\(aahh.3\)
ZyxelGs1900-8-
ZyxelGs1900-8Hp Firmware2.70\(aahi.3\)
ZyxelGs1900-8Hp-
ZyxelGs1900-10Hp Firmware2.70\(aazi.3\)
ZyxelGs1900-10Hp-
ZyxelGs1900-16 Firmware2.70\(aahj.3\)
ZyxelGs1900-16-
ZyxelGs1900-24 Firmware2.70\(aahl.3\)
ZyxelGs1900-24-
ZyxelGs1900-24E Firmware2.70\(aahk.3\)
ZyxelGs1900-24E-
ZyxelGs1900-24Ep Firmware2.70\(abto.3\)
ZyxelGs1900-24Ep-
ZyxelGs1900-24Hpv2 Firmware2.70\(abtp.3\)
ZyxelGs1900-24Hpv2-
ZyxelGs1900-48 Firmware2.70\(aahn.3\)
ZyxelGs1900-48-
ZyxelGs1900-48Hpv2 Firmware2.70\(abtq.3\)
ZyxelGs1900-48Hpv2-

Related Weaknesses (CWE)

CWE-269CWE-276

References

FAQ

What is CVE-2022-45853?

CVE-2022-45853 is a vulnerability with a CVSS score of 6.7 (MEDIUM). The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with admini...

How severe is CVE-2022-45853?

CVE-2022-45853 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-45853?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-8 Firmware, Zyxel Gs1900-8, Zyxel Gs1900-8Hp Firmware, Zyxel Gs1900-8Hp, Zyxel Gs1900-10Hp Firmware.