CVE-2024-1575

Published: Jul 23, 2024Modified: Jan 22, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

Affected (20)

Products: Zyxel: Nwa50ax Firmware, Nwa50ax Pro Firmware, Nwa55axe Firmware, Nwa90ax Firmware, Nwa90ax Pro Firmware, Nwa110ax Firmware, Nwa210ax Firmware, Nwa220ax 6e Firmware, Nwa1123acv3 Firmware, Wac500 Firmware, Wac500h Firmware, Wax300h Firmware, Wax510d Firmware, Wax610d Firmware, Wax620d 6e Firmware, Wax630s Firmware, Wax640s 6e Firmware, Wax650s Firmware, Wax655e Firmware, Wbe660s Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa50ax Firmware	Before 7.00\(abyw.1\)

Running on/with	Platform Versions
Zyxel Nwa50ax	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa50ax Pro Firmware	Before 7.00\(acge.1\)

Running on/with	Platform Versions
Zyxel Nwa50ax Pro	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa55axe Firmware	Before 7.00\(abzl.1\)

Running on/with	Platform Versions
Zyxel Nwa55axe	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa90ax Firmware	Before 7.00\(accv.1\)

Running on/with	Platform Versions
Zyxel Nwa90ax	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa90ax Pro Firmware	Before 7.00\(acgf.1\)

Running on/with	Platform Versions
Zyxel Nwa90ax Pro	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa110ax Firmware	Before 7.00\(abtg.1\)

Running on/with	Platform Versions
Zyxel Nwa110ax	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa210ax Firmware	Before 7.00\(abtd.1\)

Running on/with	Platform Versions
Zyxel Nwa210ax	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa220ax 6e Firmware	Before 7.00\(acco.1\)

Running on/with	Platform Versions
Zyxel Nwa220ax 6e	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nwa1123acv3 Firmware	Before 6.70\(abvt.4\)

Running on/with	Platform Versions
Zyxel Nwa1123acv3	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wac500 Firmware	Before 6.70\(abvs.4\)

Running on/with	Platform Versions
Zyxel Wac500	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wac500h Firmware	Before 6.70\(abwa.4\)

Running on/with	Platform Versions
Zyxel Wac500h	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax300h Firmware	Before 7.00\(achf.1\)

Running on/with	Platform Versions
Zyxel Wax300h	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax510d Firmware	Before 7.00\(abtf.1\)

Running on/with	Platform Versions
Zyxel Wax510d	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax610d Firmware	Before 7.00\(abte.1\)

Running on/with	Platform Versions
Zyxel Wax610d	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax620d 6e Firmware	Before 7.00\(accn.1\)

Running on/with	Platform Versions
Zyxel Wax620d 6e	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax630s Firmware	Before 7.00\(abzd.1\)

Running on/with	Platform Versions
Zyxel Wax630s	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax640s 6e Firmware	Before 7.00\(accm.1\)

Running on/with	Platform Versions
Zyxel Wax640s 6e	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax650s Firmware	Before 7.00\(abrm.1\)

Running on/with	Platform Versions
Zyxel Wax650s	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wax655e Firmware	Before 7.00\(acdo.1\)

Running on/with	Platform Versions
Zyxel Wax655e	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Wbe660s Firmware	Before 7.00\(acgg.1\)

Running on/with	Platform Versions
Zyxel Wbe660s	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.