Description

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

INFO

Published Date :

2025-01-14T01:39:04.348Z

Last Modified :

2025-01-14T15:26:24.681Z

Source :

Zyxel
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12398 vulnerability.

Vendors Products
Zyxel
  • Nwa110ax
  • Nwa110ax Firmware
  • Nwa1123acv3
  • Nwa1123acv3 Firmware
  • Nwa130be
  • Nwa130be Firmware
  • Nwa210ax
  • Nwa210ax Firmware
  • Nwa220ax-6e
  • Nwa220ax-6e Firmware
  • Nwa50ax
  • Nwa50ax Firmware
  • Nwa50ax Pro
  • Nwa50ax Pro Firmware
  • Nwa55axe
  • Nwa55axe Firmware
  • Nwa90ax
  • Nwa90ax Firmware
  • Nwa90ax Pro
  • Nwa90ax Pro Firmware
  • Usg Lite 60ax
  • Usg Lite 60ax Firmware
  • Wac500
  • Wac500 Firmware
  • Wac500h
  • Wac500h Firmware
  • Wax300h
  • Wax300h Firmware
  • Wax510d
  • Wax510d Firmware
  • Wax610d
  • Wax610d Firmware
  • Wax620d-6e
  • Wax620d-6e Firmware
  • Wax630s
  • Wax630s Firmware
  • Wax640s-6e
  • Wax640s-6e Firmware
  • Wax650s
  • Wax650s Firmware
  • Wax655e
  • Wax655e Firmware
  • Wbe530
  • Wbe530 Firmware
  • Wbe660s
  • Wbe660s Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12398.

URL Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact