CVE-2024-39838

Published: Aug 5, 2024Modified: Mar 25, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.

Affected (1)

Products: Zexelon: Zwx 2000csw2 Hn Firmware

Zexelon

1 product

Zwx 2000csw2 Hn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zexelon Zwx 2000csw2 Hn Firmware	Before 0.3.15

Running on/with	Platform Versions
Zexelon Zwx 2000csw2 Hn	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://jvn.jp/en/jp/JVN70666401/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.zexelon.co.jp/pdf/jvn70666401.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

Timeline

No history available yet.