CVE-2024-1575

EPSS 0.19%
Published 23.07.2024 02:15:02
Last modified 22.01.2025 22:33:15
Source security@zyxel.com.tw
Teams watchlist Login
Open Login

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zyxel ≫ Nwa50ax Firmware Version < 7.00\(abyw.1\)

Zyxel ≫ Nwa50ax Version-

Zyxel ≫ Nwa50ax-pro Firmware Version < 7.00\(acge.1\)

Zyxel ≫ Nwa50ax-pro Version-

Zyxel ≫ Nwa55axe Firmware Version < 7.00\(abzl.1\)

Zyxel ≫ Nwa55axe Version-

Zyxel ≫ Nwa90ax Firmware Version < 7.00\(accv.1\)

Zyxel ≫ Nwa90ax Version-

Zyxel ≫ Nwa90ax-pro Firmware Version < 7.00\(acgf.1\)

Zyxel ≫ Nwa90ax-pro Version-

Zyxel ≫ Nwa110ax Firmware Version < 7.00\(abtg.1\)

Zyxel ≫ Nwa110ax Version-

Zyxel ≫ Nwa210ax Firmware Version < 7.00\(abtd.1\)

Zyxel ≫ Nwa210ax Version-

Zyxel ≫ Nwa220ax-6e Firmware Version < 7.00\(acco.1\)

Zyxel ≫ Nwa220ax-6e Version-

Zyxel ≫ Nwa1123acv3 Firmware Version < 6.70\(abvt.4\)

Zyxel ≫ Nwa1123acv3 Version-

Zyxel ≫ Wac500 Firmware Version < 6.70\(abvs.4\)

Zyxel ≫ Wac500 Version-

Zyxel ≫ Wac500h Firmware Version < 6.70\(abwa.4\)

Zyxel ≫ Wac500h Version-

Zyxel ≫ Wax300h Firmware Version < 7.00\(achf.1\)

Zyxel ≫ Wax300h Version-

Zyxel ≫ Wax510d Firmware Version < 7.00\(abtf.1\)

Zyxel ≫ Wax510d Version-

Zyxel ≫ Wax610d Firmware Version < 7.00\(abte.1\)

Zyxel ≫ Wax610d Version-

Zyxel ≫ Wax620d-6e Firmware Version < 7.00\(accn.1\)

Zyxel ≫ Wax620d-6e Version-

Zyxel ≫ Wax630s Firmware Version < 7.00\(abzd.1\)

Zyxel ≫ Wax630s Version-

Zyxel ≫ Wax640s-6e Firmware Version < 7.00\(accm.1\)

Zyxel ≫ Wax640s-6e Version-

Zyxel ≫ Wax650s Firmware Version < 7.00\(abrm.1\)

Zyxel ≫ Wax650s Version-

Zyxel ≫ Wax655e Firmware Version < 7.00\(acdo.1\)

Zyxel ≫ Wax655e Version-

Zyxel ≫ Wbe660s Firmware Version < 7.00\(acgg.1\)

Zyxel ≫ Wbe660s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.413

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@zyxel.com.tw	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1575

EUVD