CVE-2024-12398

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12398

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

References
Link Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:nwa50ax_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax_pro:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:nwa90ax_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax_pro:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:nwa130be_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa130be:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:zyxel:wbe530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe530:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:zyxel:usg_lite_60ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_lite_60ax:-:*:*:*:*:*:*:*
History

21 Jan 2025, 21:12

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg_lite_60ax:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa130be_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa90ax_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:usg_lite_60ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa50ax_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe530:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wbe530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa130be:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*
First Time Zyxel nwa1123acv3
Zyxel nwa50ax Pro
Zyxel wax640s-6e Firmware
Zyxel usg Lite 60ax
Zyxel wbe530 Firmware
Zyxel nwa1123acv3 Firmware
Zyxel wax650s Firmware
Zyxel nwa90ax Pro
Zyxel wbe530
Zyxel wax620d-6e
Zyxel nwa110ax
Zyxel nwa90ax Pro Firmware
Zyxel nwa50ax
Zyxel wax610d
Zyxel nwa130be Firmware
Zyxel wax630s
Zyxel wax610d Firmware
Zyxel wac500 Firmware
Zyxel nwa220ax-6e Firmware
Zyxel wac500
Zyxel wax300h
Zyxel nwa50ax Firmware
Zyxel nwa210ax
Zyxel
Zyxel wax620d-6e Firmware
Zyxel wac500h Firmware
Zyxel nwa90ax Firmware
Zyxel nwa110ax Firmware
Zyxel nwa130be
Zyxel wax640s-6e
Zyxel usg Lite 60ax Firmware
Zyxel nwa90ax
Zyxel wax300h Firmware
Zyxel wbe660s Firmware
Zyxel wax655e
Zyxel wax655e Firmware
Zyxel nwa220ax-6e
Zyxel nwa50ax Pro Firmware
Zyxel wax630s Firmware
Zyxel wax510d Firmware
Zyxel nwa210ax Firmware
Zyxel wac500h
Zyxel nwa55axe
Zyxel nwa55axe Firmware
Zyxel wbe660s
Zyxel wax650s
Zyxel wax510d
References () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 - () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad de administración de privilegios inadecuada en la interfaz de administración web de las versiones de firmware Zyxel WBE530 hasta 7.00 (ACLE.3) y las versiones de firmware WBE660S hasta 6.70 (ACGG.2) podría permitir que un usuario autenticado con privilegios limitados aumente sus privilegios a los de administrador, lo que le permitiría cargar archivos de configuración a un dispositivo vulnerable.

14 Jan 2025, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-14 02:15

Updated : 2025-01-21 21:12

NVD link : CVE-2024-12398

Mitre link : CVE-2024-12398

CVE.ORG link : CVE-2024-12398

JSON object : View

Products Affected

zyxel

CWE
CWE-269

Improper Privilege Management

NVD-CWE-noinfo