CVE-2024-41720

Published: Aug 5, 2024Modified: Mar 17, 2025

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.

Affected (1)

Products: Zexelon: Zwx 2000csw2 Hn Firmware

Zexelon

1 product

Zwx 2000csw2 Hn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zexelon Zwx 2000csw2 Hn Firmware	Before 0.3.15

Running on/with	Platform Versions
Zexelon Zwx 2000csw2 Hn	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://jvn.jp/en/jp/JVN70666401/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.zexelon.co.jp/pdf/jvn70666401.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

Timeline

No history available yet.