CVE-2024-12398

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:nwa50ax_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa50ax_pro:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:nwa90ax_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa90ax_pro:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:nwa130be_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa130be:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:zyxel:wbe530_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wbe530:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:zyxel:usg_lite_60ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg_lite_60ax:-:*:*:*:*:*:*:*

History

21 Jan 2025, 21:12

Type	Values Removed	Values Added
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 -~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 - Vendor Advisory
First Time		Zyxel nwa90ax Zyxel wax640s-6e Zyxel nwa50ax Pro Zyxel wac500h Firmware Zyxel nwa90ax Pro Firmware Zyxel nwa110ax Zyxel wax655e Zyxel nwa1123acv3 Firmware Zyxel nwa130be Firmware Zyxel wac500h Zyxel wbe660s Firmware Zyxel wax650s Zyxel wax640s-6e Firmware Zyxel nwa50ax Pro Firmware Zyxel nwa210ax Firmware Zyxel wax300h Zyxel nwa90ax Pro Zyxel wax630s Zyxel nwa110ax Firmware Zyxel Zyxel nwa220ax-6e Zyxel wbe530 Firmware Zyxel wbe530 Zyxel usg Lite 60ax Firmware Zyxel nwa220ax-6e Firmware Zyxel nwa55axe Zyxel wax610d Firmware Zyxel wax620d-6e Firmware Zyxel wax620d-6e Zyxel wax610d Zyxel nwa50ax Firmware Zyxel nwa90ax Firmware Zyxel wax630s Firmware Zyxel wax650s Firmware Zyxel wbe660s Zyxel wax510d Firmware Zyxel nwa210ax Zyxel wax655e Firmware Zyxel wax300h Firmware Zyxel nwa1123acv3 Zyxel wac500 Zyxel nwa130be Zyxel nwa50ax Zyxel wax510d Zyxel usg Lite 60ax Zyxel wac500 Firmware Zyxel nwa55axe Firmware
CWE	~~CWE-269~~	NVD-CWE-noinfo
CPE		cpe:2.3:h:zyxel:wax510d:-:::::::* cpe:2.3:o:zyxel:nwa50ax_firmware:::::::: cpe:2.3:o:zyxel:nwa50ax_pro_firmware:::::::: cpe:2.3:o:zyxel:nwa110ax_firmware:::::::: cpe:2.3:h:zyxel:wax610d:-:::::::* cpe:2.3:o:zyxel:wac500h_firmware:::::::: cpe:2.3:o:zyxel:wax630s_firmware:::::::: cpe:2.3:h:zyxel:nwa90ax_pro:-:::::::* cpe:2.3:o:zyxel:wax620d-6e_firmware:::::::: cpe:2.3:h:zyxel:wax630s:-:::::::* cpe:2.3:h:zyxel:nwa210ax:-:::::::* cpe:2.3:o:zyxel:wax640s-6e_firmware:::::::: cpe:2.3:o:zyxel:wac500_firmware:::::::: cpe:2.3:o:zyxel:usg_lite_60ax_firmware:::::::: cpe:2.3:h:zyxel:nwa110ax:-:::::::* cpe:2.3:o:zyxel:wax610d_firmware:::::::: cpe:2.3:h:zyxel:wbe660s:-:::::::* cpe:2.3:h:zyxel:nwa220ax-6e:-:::::::* cpe:2.3:h:zyxel:wax650s:-:::::::* cpe:2.3:o:zyxel:wax650s_firmware:::::::: cpe:2.3:h:zyxel:nwa55axe:-:::::::* cpe:2.3:o:zyxel:wax300h_firmware:::::::: cpe:2.3:h:zyxel:usg_lite_60ax:-:::::::* cpe:2.3:o:zyxel:nwa1123acv3_firmware:::::::: cpe:2.3:o:zyxel:nwa90ax_firmware:::::::: cpe:2.3:h:zyxel:nwa50ax:-:::::::* cpe:2.3:o:zyxel:nwa210ax_firmware:::::::: cpe:2.3:h:zyxel:wac500:-:::::::* cpe:2.3:o:zyxel:nwa55axe_firmware:::::::: cpe:2.3:h:zyxel:wbe530:-:::::::* cpe:2.3:o:zyxel:wax510d_firmware:::::::: cpe:2.3:h:zyxel:wax640s-6e:-:::::::* cpe:2.3:h:zyxel:wax655e:-:::::::* cpe:2.3:o:zyxel:wbe530_firmware:::::::: cpe:2.3:o:zyxel:wbe660s_firmware:::::::: cpe:2.3:h:zyxel:nwa50ax_pro:-:::::::* cpe:2.3:h:zyxel:wax620d-6e:-:::::::* cpe:2.3:h:zyxel:nwa1123acv3:-:::::::* cpe:2.3:h:zyxel:wax300h:-:::::::* cpe:2.3:o:zyxel:nwa130be_firmware:::::::: cpe:2.3:o:zyxel:nwa90ax_pro_firmware:::::::: cpe:2.3:h:zyxel:nwa90ax:-:::::::* cpe:2.3:h:zyxel:wac500h:-:::::::* cpe:2.3:o:zyxel:wax655e_firmware:::::::: cpe:2.3:h:zyxel:nwa130be:-:::::::* cpe:2.3:o:zyxel:nwa220ax-6e_firmware::::::::

14 Jan 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 02:15

Updated : 2025-01-21 21:12

NVD link : CVE-2024-12398

Mitre link : CVE-2024-12398

JSON object : View

Products Affected

zyxel

wax620d-6e
wax630s_firmware
wax640s-6e_firmware
wac500_firmware
wax640s-6e
nwa50ax_pro
nwa90ax
nwa220ax-6e_firmware
nwa50ax
wax510d_firmware
wax620d-6e_firmware
nwa130be_firmware
nwa210ax_firmware
wbe660s
nwa90ax_firmware
wax300h_firmware
wax650s_firmware
wax655e_firmware
wac500h
wac500
wbe530_firmware
wac500h_firmware
nwa55axe
wax510d
nwa90ax_pro_firmware
nwa1123acv3
nwa90ax_pro
wbe660s_firmware
nwa130be
usg_lite_60ax
wax650s
wax610d
nwa1123acv3_firmware
wax655e
nwa220ax-6e
nwa110ax
nwa55axe_firmware
wax610d_firmware
wax300h
wax630s
nwa50ax_firmware
nwa210ax
nwa110ax_firmware
usg_lite_60ax_firmware
nwa50ax_pro_firmware
wbe530

CWE

NVD-CWE-noinfo

8.8 /10