Alexey Morozkov

**Name of the Vulnerable Software and Affected Versions** Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) **Description** The issue is related to improper privilege management in the firmware of the Zyxel GS1900-24EP switch. This could allow an authenticated local user with read-only access to modify system settings on a vulnerable device. An attacker could exploit this to change system settings on the device. **Recommendations** For Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5), consider restricting access to system settings until a patch is available. As a temporary workaround, limit the privileges of read-only users to prevent them from modifying system settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.