CVE-2024-1575: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to…

medium6.5CVSS 3.1

AVNACLPRLUINSUCHINAN

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
zyxel	nwa110ax_firmware	< 7.00\(abtg.1\)	7.00\(abtg.1\)
zyxel	nwa1123acv3_firmware	< 6.70\(abvt.4\)	6.70\(abvt.4\)
zyxel	nwa210ax_firmware	< 7.00\(abtd.1\)	7.00\(abtd.1\)
zyxel	nwa220ax-6e_firmware	< 7.00\(acco.1\)	7.00\(acco.1\)
zyxel	nwa50ax-pro_firmware	< 7.00\(acge.1\)	7.00\(acge.1\)
zyxel	nwa50ax_firmware	< 7.00\(abyw.1\)	7.00\(abyw.1\)
zyxel	nwa55axe_firmware	< 7.00\(abzl.1\)	7.00\(abzl.1\)
zyxel	nwa90ax-pro_firmware	< 7.00\(acgf.1\)	7.00\(acgf.1\)
zyxel	nwa90ax_firmware	< 7.00\(accv.1\)	7.00\(accv.1\)
zyxel	wac500_firmware	< 6.70\(abvs.4\)	6.70\(abvs.4\)
zyxel	wac500h_firmware	< 6.70\(abwa.4\)	6.70\(abwa.4\)
zyxel	wax300h_firmware	< 7.00\(achf.1\)	7.00\(achf.1\)
zyxel	wax510d_firmware	< 7.00\(abtf.1\)	7.00\(abtf.1\)
zyxel	wax610d_firmware	< 7.00\(abte.1\)	7.00\(abte.1\)
zyxel	wax620d-6e_firmware	< 7.00\(accn.1\)	7.00\(accn.1\)
zyxel	wax630s_firmware	< 7.00\(abzd.1\)	7.00\(abzd.1\)
zyxel	wax640s-6e_firmware	< 7.00\(accm.1\)	7.00\(accm.1\)
zyxel	wax650s_firmware	< 7.00\(abrm.1\)	7.00\(abrm.1\)
zyxel	wax655e_firmware	< 7.00\(acdo.1\)	7.00\(acdo.1\)
zyxel	wbe660s_firmware	< 7.00\(acgg.1\)	7.00\(acgg.1\)
zyxel	wbe660s_firmware	<= 6.70(ACGG.3)	—