CVE-2024-12398

Published: Jan 14, 2025Modified: Jan 21, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: security@zyxel.com.tw (Secondary)

Description

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

Affected (23)

Products: Zyxel: Nwa50ax Firmware, Nwa50ax Pro Firmware, Nwa55axe Firmware, Nwa90ax Firmware, Nwa90ax Pro Firmware, Nwa110ax Firmware, Nwa130be Firmware, Nwa210ax Firmware, Nwa220ax 6e Firmware, Nwa1123acv3 Firmware, Wac500 Firmware, Wac500h Firmware, Wax300h Firmware, Wax510d Firmware, Wax610d Firmware, Wax620d 6e Firmware, Wax630s Firmware, Wax640s 6e Firmware, Wax650s Firmware, Wax655e Firmware, Wbe530 Firmware, Wbe660s Firmware, Usg Lite 60ax Firmware

23 products

Usg Lite 60ax Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa50ax Firmware	Before 7.10\(abyw.1\)

Running on/with	Platform Versions
Zyxel Nwa50ax	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa50ax Pro Firmware	Before 7.10\(acge.1\)

Running on/with	Platform Versions
Zyxel Nwa50ax Pro	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa55axe Firmware	Before 7.10\(abzl.1\)

Running on/with	Platform Versions
Zyxel Nwa55axe	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa90ax Firmware	Before 7.10\(accv.1\)

Running on/with	Platform Versions
Zyxel Nwa90ax	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa90ax Pro Firmware	Before 7.10\(acgf.1\)

Running on/with	Platform Versions
Zyxel Nwa90ax Pro	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa110ax Firmware	Before 7.10\(abtg.1\)

Running on/with	Platform Versions
Zyxel Nwa110ax	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa130be Firmware	Before 7.10\(acil.1\)

Running on/with	Platform Versions
Zyxel Nwa130be	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa210ax Firmware	Before 7.10\(abtd.1\)

Running on/with	Platform Versions
Zyxel Nwa210ax	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa220ax 6e Firmware	Before 7.10\(acco.1\)

Running on/with	Platform Versions
Zyxel Nwa220ax 6e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa1123acv3 Firmware	Before 6.70\(abvt.6\)

Running on/with	Platform Versions
Zyxel Nwa1123acv3	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wac500 Firmware	Before 6.70\(abvs.6\)

Running on/with	Platform Versions
Zyxel Wac500	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wac500h Firmware	Before 6.70\(abwa.6\)

Running on/with	Platform Versions
Zyxel Wac500h	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax300h Firmware	Before 7.10\(achf.1\)

Running on/with	Platform Versions
Zyxel Wax300h	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax510d Firmware	Before 7.10\(abtf.1\)

Running on/with	Platform Versions
Zyxel Wax510d	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax610d Firmware	Before 7.10\(abte.1\)

Running on/with	Platform Versions
Zyxel Wax610d	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax620d 6e Firmware	Before 7.10\(accn.1\)

Running on/with	Platform Versions
Zyxel Wax620d 6e	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax630s Firmware	Before 7.10\(abzd.1\)

Running on/with	Platform Versions
Zyxel Wax630s	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax640s 6e Firmware	Before 7.10\(accm.1\)

Running on/with	Platform Versions
Zyxel Wax640s 6e	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax650s Firmware	Before 7.10\(abrm.1\)

Running on/with	Platform Versions
Zyxel Wax650s	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax655e Firmware	Before 7.10\(acdo.1\)

Running on/with	Platform Versions
Zyxel Wax655e	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wbe530 Firmware	Before 7.10\(acle.1\)

Running on/with	Platform Versions
Zyxel Wbe530	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wbe660s Firmware	Before 7.00\(acgg.1\)

Running on/with	Platform Versions
Zyxel Wbe660s	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Usg Lite 60ax Firmware	Before 2.10\(acip.0\)

Running on/with	Platform Versions
Zyxel Usg Lite 60ax	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

Source: security@zyxel.com.tw

Vendor Advisory

Timeline

No history available yet.