CVE-2024-12398

EPSS 0.15%
Veröffentlicht 14.01.2025 02:15:07
Zuletzt bearbeitet 21.01.2025 21:12:02
Quelle security@zyxel.com.tw
Teams Watchlist Login
Unerledigt Login

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zyxel ≫ Nwa50ax Firmware Version < 7.10\(abyw.1\)

Zyxel ≫ Nwa50ax Version-

Zyxel ≫ Nwa50ax Pro Firmware Version < 7.10\(acge.1\)

Zyxel ≫ Nwa50ax Pro Version-

Zyxel ≫ Nwa55axe Firmware Version < 7.10\(abzl.1\)

Zyxel ≫ Nwa55axe Version-

Zyxel ≫ Nwa90ax Firmware Version < 7.10\(accv.1\)

Zyxel ≫ Nwa90ax Version-

Zyxel ≫ Nwa90ax Pro Firmware Version < 7.10\(acgf.1\)

Zyxel ≫ Nwa90ax Pro Version-

Zyxel ≫ Nwa110ax Firmware Version < 7.10\(abtg.1\)

Zyxel ≫ Nwa110ax Version-

Zyxel ≫ Nwa130be Firmware Version < 7.10\(acil.1\)

Zyxel ≫ Nwa130be Version-

Zyxel ≫ Nwa210ax Firmware Version < 7.10\(abtd.1\)

Zyxel ≫ Nwa210ax Version-

Zyxel ≫ Nwa220ax-6e Firmware Version < 7.10\(acco.1\)

Zyxel ≫ Nwa220ax-6e Version-

Zyxel ≫ Nwa1123acv3 Firmware Version < 6.70\(abvt.6\)

Zyxel ≫ Nwa1123acv3 Version-

Zyxel ≫ Wac500 Firmware Version < 6.70\(abvs.6\)

Zyxel ≫ Wac500 Version-

Zyxel ≫ Wac500h Firmware Version < 6.70\(abwa.6\)

Zyxel ≫ Wac500h Version-

Zyxel ≫ Wax300h Firmware Version < 7.10\(achf.1\)

Zyxel ≫ Wax300h Version-

Zyxel ≫ Wax510d Firmware Version < 7.10\(abtf.1\)

Zyxel ≫ Wax510d Version-

Zyxel ≫ Wax610d Firmware Version < 7.10\(abte.1\)

Zyxel ≫ Wax610d Version-

Zyxel ≫ Wax620d-6e Firmware Version < 7.10\(accn.1\)

Zyxel ≫ Wax620d-6e Version-

Zyxel ≫ Wax630s Firmware Version < 7.10\(abzd.1\)

Zyxel ≫ Wax630s Version-

Zyxel ≫ Wax640s-6e Firmware Version < 7.10\(accm.1\)

Zyxel ≫ Wax640s-6e Version-

Zyxel ≫ Wax650s Firmware Version < 7.10\(abrm.1\)

Zyxel ≫ Wax650s Version-

Zyxel ≫ Wax655e Firmware Version < 7.10\(acdo.1\)

Zyxel ≫ Wax655e Version-

Zyxel ≫ Wbe530 Firmware Version < 7.10\(acle.1\)

Zyxel ≫ Wbe530 Version-

Zyxel ≫ Wbe660s Firmware Version < 7.00\(acgg.1\)

Zyxel ≫ Wbe660s Version-

Zyxel ≫ Usg Lite 60ax Firmware Version < 2.10\(acip.0\)

Zyxel ≫ Usg Lite 60ax Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.358

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@zyxel.com.tw	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-12398

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12398

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12398

EUVD