CVE-2024-12398: An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
zyxel	nwa110ax_firmware	< 7.10\(abtg.1\)	7.10\(abtg.1\)
zyxel	nwa1123acv3_firmware	< 6.70\(abvt.6\)	6.70\(abvt.6\)
zyxel	nwa130be_firmware	< 7.10\(acil.1\)	7.10\(acil.1\)
zyxel	nwa210ax_firmware	< 7.10\(abtd.1\)	7.10\(abtd.1\)
zyxel	nwa220ax-6e_firmware	< 7.10\(acco.1\)	7.10\(acco.1\)
zyxel	nwa50ax_firmware	< 7.10\(abyw.1\)	7.10\(abyw.1\)
zyxel	nwa50ax_pro_firmware	< 7.10\(acge.1\)	7.10\(acge.1\)
zyxel	nwa55axe_firmware	< 7.10\(abzl.1\)	7.10\(abzl.1\)
zyxel	nwa90ax_firmware	< 7.10\(accv.1\)	7.10\(accv.1\)
zyxel	nwa90ax_pro_firmware	< 7.10\(acgf.1\)	7.10\(acgf.1\)
zyxel	usg_lite_60ax_firmware	< 2.10\(acip.0\)	2.10\(acip.0\)
zyxel	wac500_firmware	< 6.70\(abvs.6\)	6.70\(abvs.6\)
zyxel	wac500h_firmware	< 6.70\(abwa.6\)	6.70\(abwa.6\)
zyxel	wax300h_firmware	< 7.10\(achf.1\)	7.10\(achf.1\)
zyxel	wax510d_firmware	< 7.10\(abtf.1\)	7.10\(abtf.1\)
zyxel	wax610d_firmware	< 7.10\(abte.1\)	7.10\(abte.1\)
zyxel	wax620d-6e_firmware	< 7.10\(accn.1\)	7.10\(accn.1\)
zyxel	wax630s_firmware	< 7.10\(abzd.1\)	7.10\(abzd.1\)
zyxel	wax640s-6e_firmware	< 7.10\(accm.1\)	7.10\(accm.1\)
zyxel	wax650s_firmware	< 7.10\(abrm.1\)	7.10\(abrm.1\)
zyxel	wax655e_firmware	< 7.10\(acdo.1\)	7.10\(acdo.1\)
zyxel	wbe530_firmware	< 7.10\(acle.1\)	7.10\(acle.1\)
zyxel	wbe530_firmware	<= 7.00(ACLE.3)	—
zyxel	wbe660s_firmware	< 7.00\(acgg.1\)	7.00\(acgg.1\)
zyxel	wbe660s_firmware	<= 6.70(ACGG.2)	—