CVE-2024-1575

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1575
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 Vendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*
History

22 Jan 2025, 22:33

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-noinfo
CPE cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*
References () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 - () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024 - Vendor Advisory
First Time Zyxel nwa90ax
Zyxel wax640s-6e
Zyxel wac500h Firmware
Zyxel nwa50ax-pro Firmware
Zyxel nwa110ax
Zyxel wax655e
Zyxel nwa1123acv3 Firmware
Zyxel wac500h
Zyxel wbe660s Firmware
Zyxel wax650s
Zyxel wax640s-6e Firmware
Zyxel nwa210ax Firmware
Zyxel wax300h
Zyxel wax630s
Zyxel nwa90ax-pro
Zyxel nwa110ax Firmware
Zyxel
Zyxel nwa220ax-6e
Zyxel nwa50ax-pro
Zyxel nwa220ax-6e Firmware
Zyxel nwa55axe
Zyxel wax610d Firmware
Zyxel wax620d-6e Firmware
Zyxel wax620d-6e
Zyxel wax610d
Zyxel nwa50ax Firmware
Zyxel nwa90ax Firmware
Zyxel wax630s Firmware
Zyxel wax650s Firmware
Zyxel wbe660s
Zyxel wax510d Firmware
Zyxel nwa210ax
Zyxel wax655e Firmware
Zyxel wax300h Firmware
Zyxel nwa1123acv3
Zyxel wac500
Zyxel nwa50ax
Zyxel wax510d
Zyxel nwa90ax-pro Firmware
Zyxel wac500 Firmware
Zyxel nwa55axe Firmware
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

23 Jul 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-23 02:15

Updated : 2025-01-22 22:33

NVD link : CVE-2024-1575

Mitre link : CVE-2024-1575

JSON object : View

Products Affected

zyxel

  • wax620d-6e
  • wax630s_firmware
  • nwa90ax-pro
  • wax640s-6e_firmware
  • wac500_firmware
  • wax640s-6e
  • nwa90ax
  • nwa220ax-6e_firmware
  • nwa50ax
  • nwa50ax-pro
  • wax510d_firmware
  • wax620d-6e_firmware
  • nwa210ax_firmware
  • wbe660s
  • nwa90ax_firmware
  • wax300h_firmware
  • wax650s_firmware
  • wax655e_firmware
  • wac500h
  • wac500
  • wac500h_firmware
  • nwa55axe
  • wax510d
  • nwa50ax-pro_firmware
  • nwa1123acv3
  • wbe660s_firmware
  • wax650s
  • wax610d
  • nwa1123acv3_firmware
  • wax655e
  • nwa220ax-6e
  • nwa110ax
  • nwa55axe_firmware
  • wax610d_firmware
  • wax300h
  • wax630s
  • nwa50ax_firmware
  • nwa210ax
  • nwa110ax_firmware
  • nwa90ax-pro_firmware
CWE
NVD-CWE-noinfo