CVE-2023-35140 — MEDIUM (5.5)

Q: How severe is CVE-2023-35140?

CVE-2023-35140 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-35140?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-48Hpv2 Firmware, Zyxel Gs1900-48Hpv2, Zyxel Gs1900-48 Firmware, Zyxel Gs1900-48, Zyxel Gs1900-24Hpv2 Firmware.

Vulnerability Description

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zyxel	Gs1900-48Hpv2 Firmware	<= 2.70\(abtq.5\)
Zyxel	Gs1900-48Hpv2	-
Zyxel	Gs1900-48 Firmware	<= 2.70\(aahn.5\)
Zyxel	Gs1900-48	-
Zyxel	Gs1900-24Hpv2 Firmware	<= 2.70\(abtp.5\)
Zyxel	Gs1900-24Hpv2	-
Zyxel	Gs1900-24Ep Firmware	<= 2.70\(abto.5\)
Zyxel	Gs1900-24Ep	-
Zyxel	Gs1900-24E Firmware	<= 2.70\(aahk.5\)
Zyxel	Gs1900-24E	-
Zyxel	Gs1900-24 Firmware	<= 2.70\(aahl.5\)
Zyxel	Gs1900-24	-
Zyxel	Gs1900-16 Firmware	<= 2.70\(aahj.5\)
Zyxel	Gs1900-16	-
Zyxel	Gs1900-10Hp Firmware	<= 2.70\(aazi.5\)
Zyxel	Gs1900-10Hp	-
Zyxel	Gs1900-8Hp Firmware	<= 2.70\(aahi.5\)
Zyxel	Gs1900-8Hp	-
Zyxel	Gs1900-8 Firmware	<= 2.70\(aahh.5\)
Zyxel	Gs1900-8	-

Related Weaknesses (CWE)

CWE-269

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisNot ApplicableVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisNot ApplicableVendor Advisory

FAQ

What is CVE-2023-35140?

CVE-2023-35140 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings o...

How severe is CVE-2023-35140?

CVE-2023-35140 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-35140?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Gs1900-48Hpv2 Firmware, Zyxel Gs1900-48Hpv2, Zyxel Gs1900-48 Firmware, Zyxel Gs1900-48, Zyxel Gs1900-24Hpv2 Firmware.