CVE-2024-1575

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 50.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nwa110ax Firmware Zyxel Nwa1123acv3 Firmware Zyxel Nwa210ax Firmware +17 more

Timeline

PublishedJul 23

Description

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages21 packages

▶NVDzyxel/wbe660s_firmware< 7.00\(acgg.1\)

▶CVEListV5zyxel/wbe660s_firmware6.70(ACGG.3)

▶NVDzyxel/wac500_firmware< 6.70\(abvs.4\)

▶NVDzyxel/nwa50ax_firmware< 7.00\(abyw.1\)

▶NVDzyxel/nwa90ax_firmware< 7.00\(accv.1\)

🔴Vulnerability Details

CVEList

CVE-2024-1575: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6↗2024-07-23

▶

GHSA

GHSA-w52f-78r3-v89r: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6↗2024-07-23

▶