FKIE_CVE-2024-1575
Vulnerability from fkie_nvd - Published: 2024-07-23 02:15 - Updated: 2025-01-22 22:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | nwa50ax_firmware | * | |
| zyxel | nwa50ax | - | |
| zyxel | nwa50ax-pro_firmware | * | |
| zyxel | nwa50ax-pro | - | |
| zyxel | nwa55axe_firmware | * | |
| zyxel | nwa55axe | - | |
| zyxel | nwa90ax_firmware | * | |
| zyxel | nwa90ax | - | |
| zyxel | nwa90ax-pro_firmware | * | |
| zyxel | nwa90ax-pro | - | |
| zyxel | nwa110ax_firmware | * | |
| zyxel | nwa110ax | - | |
| zyxel | nwa210ax_firmware | * | |
| zyxel | nwa210ax | - | |
| zyxel | nwa220ax-6e_firmware | * | |
| zyxel | nwa220ax-6e | - | |
| zyxel | nwa1123acv3_firmware | * | |
| zyxel | nwa1123acv3 | - | |
| zyxel | wac500_firmware | * | |
| zyxel | wac500 | - | |
| zyxel | wac500h_firmware | * | |
| zyxel | wac500h | - | |
| zyxel | wax300h_firmware | * | |
| zyxel | wax300h | - | |
| zyxel | wax510d_firmware | * | |
| zyxel | wax510d | - | |
| zyxel | wax610d_firmware | * | |
| zyxel | wax610d | - | |
| zyxel | wax620d-6e_firmware | * | |
| zyxel | wax620d-6e | - | |
| zyxel | wax630s_firmware | * | |
| zyxel | wax630s | - | |
| zyxel | wax640s-6e_firmware | * | |
| zyxel | wax640s-6e | - | |
| zyxel | wax650s_firmware | * | |
| zyxel | wax650s | - | |
| zyxel | wax655e_firmware | * | |
| zyxel | wax655e | - | |
| zyxel | wbe660s_firmware | * | |
| zyxel | wbe660s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8696DE-6B52-435C-B910-6FE4E731C2D9",
"versionEndExcluding": "7.00\\(abyw.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74F8426E-D74D-44E1-96E2-2873D9EC5493",
"versionEndExcluding": "7.00\\(acge.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA733CF7-A57D-499C-B2B7-CA894EDE7AD6",
"versionEndExcluding": "7.00\\(abzl.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80A74559-9DCE-414B-AEF3-3C2E2088B930",
"versionEndExcluding": "7.00\\(accv.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DFAC25-E7B6-4C83-ADAD-87200634C608",
"versionEndExcluding": "7.00\\(acgf.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2AF8B6-D22B-4E82-8B03-8111AAD0EDD1",
"versionEndExcluding": "7.00\\(abtg.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D00E81A-CE90-41E2-A431-C30A931958C8",
"versionEndExcluding": "7.00\\(abtd.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E112EA3-4A6E-4DB6-9757-C9EBDC103A39",
"versionEndExcluding": "7.00\\(acco.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD425E6E-5D45-4FB5-9DEB-1D513B51D434",
"versionEndExcluding": "6.70\\(abvt.4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC0CF83-69C5-4512-BCE8-BB967E884052",
"versionEndExcluding": "6.70\\(abvs.4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC3BAD-2544-4CA6-A276-65449D925A7F",
"versionEndExcluding": "6.70\\(abwa.4\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3E4C75-D7EA-4420-8C75-41F50BD38BE9",
"versionEndExcluding": "7.00\\(achf.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3073565-BCDF-46EA-8FB0-E9BF402A5122",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51DEEC5B-58B9-42F9-A4D5-F3E3052158D4",
"versionEndExcluding": "7.00\\(abtf.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE514B5-8D07-4FB4-8EB8-7CF7E55C3E11",
"versionEndExcluding": "7.00\\(abte.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA59F338-1359-42CF-B9EC-8D2B2DDB38EC",
"versionEndExcluding": "7.00\\(accn.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BCC6FF-5A92-4B3A-BE6F-7D896ABF1E41",
"versionEndExcluding": "7.00\\(abzd.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A478145-5144-44CA-94AC-134CEFDCAF47",
"versionEndExcluding": "7.00\\(accm.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F11E363A-FF52-41EB-B638-C5EBAC282BD1",
"versionEndExcluding": "7.00\\(abrm.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349E2140-7E73-4682-ACA4-C89F4EF0D590",
"versionEndExcluding": "7.00\\(acdo.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64D953D8-8351-44F4-ADCE-97F11DF62AE7",
"versionEndExcluding": "7.00\\(acgg.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."
},
{
"lang": "es",
"value": " La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en la versi\u00f3n 6.70 (ACGG.3) del firmware Zyxel WBE660S y versiones anteriores podr\u00eda permitir a un usuario autenticado escalar privilegios y descargar los archivos de configuraci\u00f3n en un dispositivo vulnerable."
}
],
"id": "CVE-2024-1575",
"lastModified": "2025-01-22T22:33:15.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-23T02:15:02.090",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…