CVE-2024-12398 - Vulnerability Details

Vendors	Products
Zyxel	Nwa110ax Nwa110ax Firmware Nwa1123acv3 Nwa1123acv3 Firmware Nwa130be Nwa130be Firmware Nwa210ax Nwa210ax Firmware Nwa220ax-6e Nwa220ax-6e Firmware Nwa50ax Nwa50ax Firmware Nwa50ax Pro Nwa50ax Pro Firmware Nwa55axe Nwa55axe Firmware Nwa90ax Nwa90ax Firmware Nwa90ax Pro Nwa90ax Pro Firmware Usg Lite 60ax Usg Lite 60ax Firmware Wac500 Wac500 Firmware Wac500h Wac500h Firmware Wax300h Wax300h Firmware Wax510d Wax510d Firmware Wax610d Wax610d Firmware Wax620d-6e Wax620d-6e Firmware Wax630s Wax630s Firmware Wax640s-6e Wax640s-6e Firmware Wax650s Wax650s Firmware Wax655e Wax655e Firmware Wbe530 Wbe530 Firmware Wbe660s Wbe660s Firmware

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12398", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2024-12-10T03:31:12.696Z", "datePublished": "2025-01-14T01:39:04.348Z", "dateUpdated": "2025-01-14T15:26:24.681Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WBE530 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "<= 7.00(ACLE.3)"}]}, {"defaultStatus": "unaffected", "product": "WBE660S firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "<= 6.70(ACGG.2)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and&nbsp;WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device."}], "value": "An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and\u00a0WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2025-01-14T01:39:04.348Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T15:26:11.215705Z", "id": "CVE-2024-12398", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:26:24.681Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-12398 (string)

assignerOrgId : 96e50032-ad0d-4058-a115-4d2c13821f9f (string)

state : PUBLISHED (string)

assignerShortName : Zyxel (string)

dateReserved : 2024-12-10T03:31:12.696Z (string)

datePublished : 2025-01-14T01:39:04.348Z (string)

dateUpdated : 2025-01-14T15:26:24.681Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : WBE530 firmware (string)

vendor : Zyxel (string)

versions : [ »

0 : { »

status : affected (string)

version : <= 7.00(ACLE.3) (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : WBE660S firmware (string)

vendor : Zyxel (string)

versions : [ »

0 : { »

status : affected (string)

version : <= 6.70(ACGG.2) (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. (string)

}

]

value : An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-269 (string)

description : CWE-269 Improper Privilege Management (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 96e50032-ad0d-4058-a115-4d2c13821f9f (string)

shortName : Zyxel (string)

dateUpdated : 2025-01-14T01:39:04.348Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-01-14T15:26:11.215705Z (string)

id : CVE-2024-12398 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-14T15:26:24.681Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12398", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-14T15:26:11.215705Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:26:18.975Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "WBE530 firmware", "versions": [{"status": "affected", "version": "<= 7.00(ACLE.3)"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "WBE660S firmware", "versions": [{"status": "affected", "version": "<= 6.70(ACGG.2)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and\u00a0WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.", "supportingMedia": [{"type": "text/html", "value": "An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and&nbsp;WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2025-01-14T01:39:04.348Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12398", "state": "PUBLISHED", "dateUpdated": "2025-01-14T15:26:24.681Z", "dateReserved": "2024-12-10T03:31:12.696Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2025-01-14T01:39:04.348Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-12398 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-01-14T15:26:11.215705Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-14T15:26:18.975Z (string)

}

]

cna : { »

source : { »

discovery : UNKNOWN (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 8.8 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : LOW (string)

confidentialityImpact : HIGH (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Zyxel (string)

product : WBE530 firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : <= 7.00(ACLE.3) (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Zyxel (string)

product : WBE660S firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : <= 6.70(ACGG.2) (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-269 (string)

description : CWE-269 Improper Privilege Management (string)

}

]

}

]

providerMetadata : { »

orgId : 96e50032-ad0d-4058-a115-4d2c13821f9f (string)

shortName : Zyxel (string)

dateUpdated : 2025-01-14T01:39:04.348Z (string)

}

cveMetadata : { »

cveId : CVE-2024-12398 (string)

state : PUBLISHED (string)

dateUpdated : 2025-01-14T15:26:24.681Z (string)

dateReserved : 2024-12-10T03:31:12.696Z (string)

assignerOrgId : 96e50032-ad0d-4058-a115-4d2c13821f9f (string)

datePublished : 2025-01-14T01:39:04.348Z (string)

assignerShortName : Zyxel (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CDBEB22-3832-4C51-B811-8A2BF996D09E", "versionEndExcluding": "7.10\\(abyw.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9719A4E4-DB57-4703-AC29-FD94CF89E7E0", "versionEndExcluding": "7.10\\(acge.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "F36E7DCD-08BA-4FA1-9A8E-ADE956704132", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD6F3443-E169-4CA7-B18D-2DF68A507E59", "versionEndExcluding": "7.10\\(abzl.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7961037-D162-4BAA-948E-18BB25385117", "versionEndExcluding": "7.10\\(accv.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EBC66E4-8643-47FE-80C0-14E53318C84E", "versionEndExcluding": "7.10\\(acgf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "480A495A-A4C4-4696-B500-B6333C79A28B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E159E289-85E2-4A82-B0DF-309096479A81", "versionEndExcluding": "7.10\\(abtg.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa130be_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4360DF1-898A-4CCE-905D-05AE164195B5", "versionEndExcluding": "7.10\\(acil.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa130be:-:*:*:*:*:*:*:*", "matchCriteriaId": "782F9AB7-3464-4BFE-B502-B62CD51A8865", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF298D2B-3FCE-4974-9720-00266FE68D09", "versionEndExcluding": "7.10\\(abtd.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A290449D-A968-4E76-A3E0-58483D14CA34", "versionEndExcluding": "7.10\\(acco.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD3C70D2-3ABE-45D1-BAC1-F5378CA3B758", "versionEndExcluding": "6.70\\(abvt.6\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61033C21-7255-4BBC-A22E-E87FB4C92C88", "versionEndExcluding": "6.70\\(abvs.6\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACC84162-28C7-4DA9-88C4-BFAE9315C805", "versionEndExcluding": "6.70\\(abwa.6\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "91F75AB8-A165-4A09-B8F8-B63548E09887", "versionEndExcluding": "7.10\\(achf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3073565-BCDF-46EA-8FB0-E9BF402A5122", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A34A2784-082B-4E26-8E1F-C395A7151DE5", "versionEndExcluding": "7.10\\(abtf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE039840-2274-4E56-ABA5-EEF2932A3046", "versionEndExcluding": "7.10\\(abte.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B410A50-3756-43BC-AAC3-3CCA65CD24EA", "versionEndExcluding": "7.10\\(accn.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "75F74AE8-4CF4-4CDE-9CA0-1FB0E31D8DEB", "versionEndExcluding": "7.10\\(abzd.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DFA7899-2BFE-4F0D-B18B-059C16A4742E", "versionEndExcluding": "7.10\\(accm.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "93F89B44-3959-4709-B65D-F9B72646D746", "versionEndExcluding": "7.10\\(abrm.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFF2B717-0B0C-4A10-86A6-ABFB592C4A52", "versionEndExcluding": "7.10\\(acdo.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe530_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAF5DBAB-37C2-4436-AA29-C48A0E88A673", "versionEndExcluding": "7.10\\(acle.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe530:-:*:*:*:*:*:*:*", "matchCriteriaId": "3061579E-C708-42BC-86FC-B6223B941335", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64D953D8-8351-44F4-ADCE-97F11DF62AE7", "versionEndExcluding": "7.00\\(acgg.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_lite_60ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C68921A-9FD4-41AA-A6A3-5F3BCC36C345", "versionEndExcluding": "2.10\\(acip.0\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_lite_60ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC710993-3E55-4C88-A261-0A67F5069071", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and\u00a0WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device."}, {"lang": "es", "value": " Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en la interfaz de administraci\u00f3n web de las versiones de firmware Zyxel WBE530 hasta 7.00 (ACLE.3) y las versiones de firmware WBE660S hasta 6.70 (ACGG.2) podr\u00eda permitir que un usuario autenticado con privilegios limitados aumente sus privilegios a los de administrador, lo que le permitir\u00eda cargar archivos de configuraci\u00f3n a un dispositivo vulnerable."}], "id": "CVE-2024-12398", "lastModified": "2025-01-21T21:12:02.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Primary"}]}, "published": "2025-01-14T02:15:07.990", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@zyxel.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4CDBEB22-3832-4C51-B811-8A2BF996D09E (string)

versionEndExcluding : 7.10\(abyw.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2806A3B3-8F13-4170-B284-8809E3502044 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa50ax_pro_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9719A4E4-DB57-4703-AC29-FD94CF89E7E0 (string)

versionEndExcluding : 7.10\(acge.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa50ax_pro:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F36E7DCD-08BA-4FA1-9A8E-ADE956704132 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FD6F3443-E169-4CA7-B18D-2DF68A507E59 (string)

versionEndExcluding : 7.10\(abzl.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B7440976-5CB4-40BE-95C2-98EF4B888109 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D7961037-D162-4BAA-948E-18BB25385117 (string)

versionEndExcluding : 7.10\(accv.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3A903978-737E-4266-A670-BC94E32CAF96 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa90ax_pro_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6EBC66E4-8643-47FE-80C0-14E53318C84E (string)

versionEndExcluding : 7.10\(acgf.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa90ax_pro:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 480A495A-A4C4-4696-B500-B6333C79A28B (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E159E289-85E2-4A82-B0DF-309096479A81 (string)

versionEndExcluding : 7.10\(abtg.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6A3F9232-F988-4428-9898-4F536123CE88 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa130be_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B4360DF1-898A-4CCE-905D-05AE164195B5 (string)

versionEndExcluding : 7.10\(acil.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa130be:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 782F9AB7-3464-4BFE-B502-B62CD51A8865 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FF298D2B-3FCE-4974-9720-00266FE68D09 (string)

versionEndExcluding : 7.10\(abtd.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1BB129F9-64D8-43C2-9366-51EBDF419F5F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A290449D-A968-4E76-A3E0-58483D14CA34 (string)

versionEndExcluding : 7.10\(acco.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E03F755-424D-4248-9076-ED7BECEB94C5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FD3C70D2-3ABE-45D1-BAC1-F5378CA3B758 (string)

versionEndExcluding : 6.70\(abvt.6\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 36C13E7F-2186-4587-83E9-57B05A7147B7 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 61033C21-7255-4BBC-A22E-E87FB4C92C88 (string)

versionEndExcluding : 6.70\(abvs.6\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C024551-F08F-4152-940D-1CF8BCD79613 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : ACC84162-28C7-4DA9-88C4-BFAE9315C805 (string)

versionEndExcluding : 6.70\(abwa.6\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1A1FD502-4F62-4C77-B3BC-E563B24F0067 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 91F75AB8-A165-4A09-B8F8-B63548E09887 (string)

versionEndExcluding : 7.10\(achf.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C3073565-BCDF-46EA-8FB0-E9BF402A5122 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

13 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A34A2784-082B-4E26-8E1F-C395A7151DE5 (string)

versionEndExcluding : 7.10\(abtf.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A37A0E9-D505-4376-AB0E-1C0FD7E53A55 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

14 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CE039840-2274-4E56-ABA5-EEF2932A3046 (string)

versionEndExcluding : 7.10\(abte.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3518DA0A-2C7B-4979-A457-0826C921B0F0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

15 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B410A50-3756-43BC-AAC3-3CCA65CD24EA (string)

versionEndExcluding : 7.10\(accn.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

16 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 75F74AE8-4CF4-4CDE-9CA0-1FB0E31D8DEB (string)

versionEndExcluding : 7.10\(abzd.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DC74AAF9-5206-4CEB-9023-6CD4F38AA623 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

17 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3DFA7899-2BFE-4F0D-B18B-059C16A4742E (string)

versionEndExcluding : 7.10\(accm.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 20E4E9A0-DF92-47B7-94D6-0867E3171E47 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

18 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 93F89B44-3959-4709-B65D-F9B72646D746 (string)

versionEndExcluding : 7.10\(abrm.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D784994E-E2CE-4328-B490-D9DC195A53DB (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

19 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FFF2B717-0B0C-4A10-86A6-ABFB592C4A52 (string)

versionEndExcluding : 7.10\(acdo.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 61158220-B5E8-4BF4-B2C2-E8ABFD3266CF (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

20 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wbe530_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AAF5DBAB-37C2-4436-AA29-C48A0E88A673 (string)

versionEndExcluding : 7.10\(acle.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wbe530:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3061579E-C708-42BC-86FC-B6223B941335 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

21 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 64D953D8-8351-44F4-ADCE-97F11DF62AE7 (string)

versionEndExcluding : 7.00\(acgg.1\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FC2F3A4-0598-49B0-9829-AF43C97E9E8E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

22 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:zyxel:usg_lite_60ax_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C68921A-9FD4-41AA-A6A3-5F3BCC36C345 (string)

versionEndExcluding : 2.10\(acip.0\) (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:zyxel:usg_lite_60ax:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EC710993-3E55-4C88-A261-0A67F5069071 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de administración de privilegios inadecuada en la interfaz de administración web de las versiones de firmware Zyxel WBE530 hasta 7.00 (ACLE.3) y las versiones de firmware WBE660S hasta 6.70 (ACGG.2) podría permitir que un usuario autenticado con privilegios limitados aumente sus privilegios a los de administrador, lo que le permitiría cargar archivos de configuración a un dispositivo vulnerable. (string)

}

]

id : CVE-2024-12398 (string)

lastModified : 2025-01-21T21:12:02.310 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : security@zyxel.com.tw (string)

type : Primary (string)

}

]

}

published : 2025-01-14T02:15:07.990 (string)

references : [ »

0 : { »

source : security@zyxel.com.tw (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 (string)

}

]

sourceIdentifier : security@zyxel.com.tw (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-269 (string)

}

]

source : security@zyxel.com.tw (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Type	Values Removed	Values Added
First Time appeared		Zyxel Zyxel nwa110ax Zyxel nwa110ax Firmware Zyxel nwa1123acv3 Zyxel nwa1123acv3 Firmware Zyxel nwa130be Zyxel nwa130be Firmware Zyxel nwa210ax Zyxel nwa210ax Firmware Zyxel nwa220ax-6e Zyxel nwa220ax-6e Firmware Zyxel nwa50ax Zyxel nwa50ax Firmware Zyxel nwa50ax Pro Zyxel nwa50ax Pro Firmware Zyxel nwa55axe Zyxel nwa55axe Firmware Zyxel nwa90ax Zyxel nwa90ax Firmware Zyxel nwa90ax Pro Zyxel nwa90ax Pro Firmware Zyxel usg Lite 60ax Zyxel usg Lite 60ax Firmware Zyxel wac500 Zyxel wac500 Firmware Zyxel wac500h Zyxel wac500h Firmware Zyxel wax300h Zyxel wax300h Firmware Zyxel wax510d Zyxel wax510d Firmware Zyxel wax610d Zyxel wax610d Firmware Zyxel wax620d-6e Zyxel wax620d-6e Firmware Zyxel wax630s Zyxel wax630s Firmware Zyxel wax640s-6e Zyxel wax640s-6e Firmware Zyxel wax650s Zyxel wax650s Firmware Zyxel wax655e Zyxel wax655e Firmware Zyxel wbe530 Zyxel wbe530 Firmware Zyxel wbe660s Zyxel wbe660s Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:zyxel:nwa110ax:-:::::::* cpe:2.3:h:zyxel:nwa1123acv3:-:::::::* cpe:2.3:h:zyxel:nwa130be:-:::::::* cpe:2.3:h:zyxel:nwa210ax:-:::::::* cpe:2.3:h:zyxel:nwa220ax-6e:-:::::::* cpe:2.3:h:zyxel:nwa50ax:-:::::::* cpe:2.3:h:zyxel:nwa50ax_pro:-:::::::* cpe:2.3:h:zyxel:nwa55axe:-:::::::* cpe:2.3:h:zyxel:nwa90ax:-:::::::* cpe:2.3:h:zyxel:nwa90ax_pro:-:::::::* cpe:2.3:h:zyxel:usg_lite_60ax:-:::::::* cpe:2.3:h:zyxel:wac500:-:::::::* cpe:2.3:h:zyxel:wac500h:-:::::::* cpe:2.3:h:zyxel:wax300h:-:::::::* cpe:2.3:h:zyxel:wax510d:-:::::::* cpe:2.3:h:zyxel:wax610d:-:::::::* cpe:2.3:h:zyxel:wax620d-6e:-:::::::* cpe:2.3:h:zyxel:wax630s:-:::::::* cpe:2.3:h:zyxel:wax640s-6e:-:::::::* cpe:2.3:h:zyxel:wax650s:-:::::::* cpe:2.3:h:zyxel:wax655e:-:::::::* cpe:2.3:h:zyxel:wbe530:-:::::::* cpe:2.3:h:zyxel:wbe660s:-:::::::* cpe:2.3:o:zyxel:nwa110ax_firmware:::::::: cpe:2.3:o:zyxel:nwa1123acv3_firmware:::::::: cpe:2.3:o:zyxel:nwa130be_firmware:::::::: cpe:2.3:o:zyxel:nwa210ax_firmware:::::::: cpe:2.3:o:zyxel:nwa220ax-6e_firmware:::::::: cpe:2.3:o:zyxel:nwa50ax_firmware:::::::: cpe:2.3:o:zyxel:nwa50ax_pro_firmware:::::::: cpe:2.3:o:zyxel:nwa55axe_firmware:::::::: cpe:2.3:o:zyxel:nwa90ax_firmware:::::::: cpe:2.3:o:zyxel:nwa90ax_pro_firmware:::::::: cpe:2.3:o:zyxel:usg_lite_60ax_firmware:::::::: cpe:2.3:o:zyxel:wac500_firmware:::::::: cpe:2.3:o:zyxel:wac500h_firmware:::::::: cpe:2.3:o:zyxel:wax300h_firmware:::::::: cpe:2.3:o:zyxel:wax510d_firmware:::::::: cpe:2.3:o:zyxel:wax610d_firmware:::::::: cpe:2.3:o:zyxel:wax620d-6e_firmware:::::::: cpe:2.3:o:zyxel:wax630s_firmware:::::::: cpe:2.3:o:zyxel:wax640s-6e_firmware:::::::: cpe:2.3:o:zyxel:wax650s_firmware:::::::: cpe:2.3:o:zyxel:wax655e_firmware:::::::: cpe:2.3:o:zyxel:wbe530_firmware:::::::: cpe:2.3:o:zyxel:wbe660s_firmware::::::::
Vendors & Products		Zyxel Zyxel nwa110ax Zyxel nwa110ax Firmware Zyxel nwa1123acv3 Zyxel nwa1123acv3 Firmware Zyxel nwa130be Zyxel nwa130be Firmware Zyxel nwa210ax Zyxel nwa210ax Firmware Zyxel nwa220ax-6e Zyxel nwa220ax-6e Firmware Zyxel nwa50ax Zyxel nwa50ax Firmware Zyxel nwa50ax Pro Zyxel nwa50ax Pro Firmware Zyxel nwa55axe Zyxel nwa55axe Firmware Zyxel nwa90ax Zyxel nwa90ax Firmware Zyxel nwa90ax Pro Zyxel nwa90ax Pro Firmware Zyxel usg Lite 60ax Zyxel usg Lite 60ax Firmware Zyxel wac500 Zyxel wac500 Firmware Zyxel wac500h Zyxel wac500h Firmware Zyxel wax300h Zyxel wax300h Firmware Zyxel wax510d Zyxel wax510d Firmware Zyxel wax610d Zyxel wax610d Firmware Zyxel wax620d-6e Zyxel wax620d-6e Firmware Zyxel wax630s Zyxel wax630s Firmware Zyxel wax640s-6e Zyxel wax640s-6e Firmware Zyxel wax650s Zyxel wax650s Firmware Zyxel wax655e Zyxel wax655e Firmware Zyxel wbe530 Zyxel wbe530 Firmware Zyxel wbe660s Zyxel wbe660s Firmware

Type	Values Removed	Values Added
Description		An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
Weaknesses		CWE-269
References		https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object