Lucene search
K

130 matches found

Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.9 views

PT-2024-8145 · Zyxel · Zyxel Gs1900-48

Name of the Vulnerable Software and Affected Versions: Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier Description: A buffer overflow vulnerability in the CGI program could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service DoS...

5.5CVSS7.9AI score0.00235EPSS
Exploits0References6
NVD
NVD
added 2024/09/10 2:15 a.m.27 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

6.5CVSS0.00212EPSS
Exploits0References1
OSV
OSV
added 2024/09/10 2:15 a.m.5 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/10 1:20 a.m.31 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

5.3CVSS0.00212EPSS
Exploits0References1
CVE
CVE
added 2024/09/10 1:20 a.m.63 views

CVE-2024-38270

The CVE-2024-38270 entry concerns Zyxel GS1900-10HP firmware v2.80(AAZI.0)C0. The root cause is the improper use of a randomness function with low entropy to generate web authentication tokens. This enables a LAN-based attacker, under the condition that multiple authenticated sessions are active,...

6.5CVSS7.5AI score0.00212EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.9 views

PT-2024-27909 · Zyxel · Zyxel Gs1900-10Hp

Name of the Vulnerable Software and Affected Versions: Zyxel GS1900-10HP firmware version V2.80AAZI.0C0 Description: An insufficient entropy vulnerability exists due to the improper use of a randomness function with low entropy for web authentication tokens generation. This could allow a LAN-base...

6.5CVSS7.4AI score0.00212EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.5 views

The vulnerability of the microprogrammed software of Zyxel GS1900 series switches, related to insecure privilege management, allows attackers to execute arbitrary commands and elevate their privileges to the root level.

The vulnerability of the microprogrammed software of Zyxel GS1900 series switches is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to execute arbitrary commands and elevate their privileges to the root level via SSH...

6.7CVSS7.4AI score0.0017EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/11/24 12:0 a.m.7 views

The vulnerability of the microprogrammed software of Zyxel GS1900-24EP switches, related to insecure privilege management, allows a intruder to alter system settings on the vulnerable device.

The vulnerability of the microprogrammed software of Zyxel GS1900-24EP series switches is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to modify system settings on the vulnerable device...

5.5CVSS5.9AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2023/11/07 5:15 a.m.3 views

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

5.5CVSS5.8AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2023/11/07 5:15 a.m.24 views

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

5.5CVSS5.3AI score0.00173EPSS
Exploits0References1
Prion
Prion
added 2023/11/07 5:15 a.m.21 views

Privilege escalation

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

1.7CVSS6.8AI score0.00173EPSS
Exploits0References1Affected Software10
Vulnrichment
Vulnrichment
added 2023/11/07 1:44 a.m.17 views

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

5.5CVSS6.9AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/07 1:44 a.m.25 views

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

5.5CVSS5.6AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2023/11/07 1:44 a.m.68 views

CVE-2023-35140

The CVE-2023-35140 issue impacts Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5). The root cause is improper privilege management, enabling an authenticated local user with read-only access to modify system settings on the vulnerable device. Reported CVSS v3.1 vector: Local, Low attack co...

5.5CVSS5.3AI score0.00173EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.4 views

Zyxel GS1900 Security Vulnerability

The Zyxel GS1900 is a managed switch from China-based Zyxel. A security vulnerability exists in the Zyxel GS1900-24EP V2.70 ABTO.5 firmware version, which arises from improper privilege management that allows an authenticated local user with read-only access to modify system settings on the...

5.5CVSS6.5AI score0.00173EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/06/06 4:16 a.m.104 views

Zyxel Firewalls Under Attack! Urgent Patching Required

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buff...

9.8CVSS9.2AI score0.99284EPSS
Exploits8
NVD
NVD
added 2023/05/30 11:15 a.m.20 views

CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70AAHH.3 and the GS1900-8HP firmware version V2.70AAHI.3 could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH...

6.7CVSS6.8AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2023/05/30 11:15 a.m.4 views

CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70AAHH.3 and the GS1900-8HP firmware version V2.70AAHI.3 could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH...

6.7CVSS5.9AI score0.0017EPSS
Exploits0References1
Prion
Prion
added 2023/05/30 11:15 a.m.23 views

Privilege escalation

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70AAHH.3 and the GS1900-8HP firmware version V2.70AAHI.3 could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH...

4CVSS6.8AI score0.0017EPSS
Exploits0References1Affected Software10
CVE
CVE
added 2023/05/30 10:2 a.m.96 views

CVE-2022-45853

CVE-2022-45853 affects Zyxel GS1900-8 and GS1900-8HP switches (firmware V2.70(AAHH.3)/V2.70(AAHI.3)). An authenticated local administrator can exploit insecure privilege management to run system commands as root via SSH, elevating privileges. Exploit details are not explicitly documented in the p...

6.7CVSS7.4AI score0.0017EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder