CVE-2022-45853

Name of the Vulnerable Software and Affected Versions Zyxel GS1900-8 firmware version V2.70(AAHH.3) Zyxel GS1900-8HP firmware version V2.70(AAHI.3)

Description The issue is related to a privilege escalation vulnerability that could allow an authenticated, local attacker with administrator privileges to execute system commands as 'root' on a vulnerable device via SSH. This is due to insecure privilege management in the firmware of Zyxel GS1900 series switches. An attacker could exploit this vulnerability to execute arbitrary commands and elevate their privileges to the root level.

Recommendations For Zyxel GS1900-8 firmware version V2.70(AAHH.3), consider disabling SSH access until a patch is available. For Zyxel GS1900-8HP firmware version V2.70(AAHI.3), restrict access to system commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.