All the vulnerabilites related to ZEXELON CO., LTD. - ZWX-2000CSW2-HN
jvndb-2024-000084
Vulnerability from jvndb
Published
2024-08-05 13:46
Modified
2024-08-05 13:46
Severity ?
Summary
Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
Details
ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.
<ul>
<li>Use of hard-coded credentials (CWE-798) - CVE-2024-39838</li>
<li>Incorrect permission assignment for critical resource (CWE-732) - CVE-2024-41720</li>
</ul>
Hiroki Sato of Tokyo Institute of Technology reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000084.html",
"dc:date": "2024-08-05T13:46+09:00",
"dcterms:issued": "2024-08-05T13:46+09:00",
"dcterms:modified": "2024-08-05T13:46+09:00",
"description": "ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2024-39838\u003c/li\u003e\r\n\u003cli\u003eIncorrect permission assignment for critical resource (CWE-732) - CVE-2024-41720\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nHiroki Sato of Tokyo Institute of Technology reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000084.html",
"sec:cpe": {
"#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
"@product": "ZWX-2000CSW2-HN",
"@vendor": "ZEXELON CO., LTD.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000084",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN70666401/index.html",
"@id": "JVN#70666401",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39838",
"@id": "CVE-2024-39838",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41720",
"@id": "CVE-2024-41720",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN"
}
cve-2024-39838
Vulnerability from cvelistv5
Published
2024-08-05 04:35
Modified
2024-08-05 13:27
Severity ?
EPSS score ?
Summary
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
Version: firmware versions prior to Ver.0.3.15 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T13:27:03.329516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T13:27:13.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZWX-2000CSW2-HN",
"vendor": "ZEXELON CO., LTD.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.0.3.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:35:39.287Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN70666401/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39838",
"datePublished": "2024-08-05T04:35:39.287Z",
"dateReserved": "2024-07-26T05:46:45.774Z",
"dateUpdated": "2024-08-05T13:27:13.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41720
Vulnerability from cvelistv5
Published
2024-08-05 04:36
Modified
2024-08-05 18:45
Severity ?
EPSS score ?
Summary
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | ZEXELON CO., LTD. | ZWX-2000CSW2-HN |
Version: firmware versions prior to Ver.0.3.15 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T18:45:07.840217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:45:55.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZWX-2000CSW2-HN",
"vendor": "ZEXELON CO., LTD.",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.0.3.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:17.042Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN70666401/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-41720",
"datePublished": "2024-08-05T04:36:17.042Z",
"dateReserved": "2024-07-26T05:46:46.795Z",
"dateUpdated": "2024-08-05T18:45:55.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}