CVE-2024-12398

Severity
8.8 HIGH
EPSS
0.3%
top 43.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 14

Description

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages
25 packages

NVD | zyxel/wbe530_firmware | < 7.10(acle.1)
NVD | zyxel/wbe660s_firmware | < 7.00(acgg.1)
CVEListV5 | zyxel/wbe530_firmware | 7.00(ACLE.3)
CVEListV5 | zyxel/wbe660s_firmware | 6.70(ACGG.2)
NVD | zyxel/wac500_firmware | < 6.70(abvs.6)

🔴 Vulnerability Details

2
GHSA
GHSA-29rw-7xhw-cxx2: An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7 | 2025-01-14
CVEList
CVE-2024-12398: An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7 | 2025-01-14