Zyxel security advisory for improper privilege management vulnerability in GS1900 series switches




CVE: CVE-2023-35140
Summary
Zyxel has released patches for GS1900 series switches affected by an improper privilege management vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
A vulnerability in the Zyxel GS1900 series switches could allow a local authenticated user with the read-only access to modify system settings on a vulnerable device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable switches that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.
Affected model | Affected version | Patch availability |
---|---|---|
GS1900-8 | V2.70(AAHH.5) | |
GS1900-8HP | V2.70(AAHI.5) | |
GS1900-10HP | V2.70(AAZI.5) | |
GS1900-16 | V2.70(AAHJ.5) | |
GS1900-24 | V2.70(AAHL.5) | |
GS1900-24E | V2.70(AAHK.5) | |
GS1900-24EP | V2.70(ABTO.5) | |
GS1900-24HPv2 | V2.70(ABTP.5) | |
GS1900-48 | V2.70(AAHN.5) | |
GS1900-48HPv2 | V2.70(ABTQ.5) |
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to Alexey Morozkov for reporting the issue to us.
Revision history
2023-11-7: Initial release.
Categories
- All Categories
- 300 Beta Program
- 1.9K Nebula
- 103 Nebula Ideas
- 72 Nebula Status and Incidents
- 4.8K Security
- 4 USG FLEX H Series
- 242 Security Ideas
- 1.1K Switch
- 54 Switch Ideas
- 809 WirelessLAN
- 30 WLAN Ideas
- 5.5K Consumer Product
- 178 Service & License
- 309 News and Release
- 69 Security Advisories
- 19 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.3K FAQ
- 569 Nebula FAQ
- 349 Security FAQ
- 118 Switch FAQ
- 147 WirelessLAN FAQ
- 33 Consumer Product FAQ
- 117 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 70 About Community
- 56 Security Highlight