{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1575", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2024-02-16T07:27:10.034Z", "datePublished": "2024-07-23T01:39:53.232Z", "dateUpdated": "2024-08-01T18:40:21.490Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WBE660S firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "<= 6.70(ACGG.3)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."}], "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-07-23T01:39:53.232Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T13:18:17.536628Z", "id": "CVE-2024-1575", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T13:18:27.277Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.490Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.490Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1575", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T13:18:17.536628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T13:18:23.412Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "WBE660S firmware", "versions": [{"status": "affected", "version": "<= 6.70(ACGG.3)"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.", "supportingMedia": [{"type": "text/html", "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-07-23T01:39:53.232Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1575", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:40:21.490Z", "dateReserved": "2024-02-16T07:27:10.034Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2024-07-23T01:39:53.232Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8696DE-6B52-435C-B910-6FE4E731C2D9", "versionEndExcluding": "7.00\\(abyw.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74F8426E-D74D-44E1-96E2-2873D9EC5493", "versionEndExcluding": "7.00\\(acge.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA733CF7-A57D-499C-B2B7-CA894EDE7AD6", "versionEndExcluding": "7.00\\(abzl.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80A74559-9DCE-414B-AEF3-3C2E2088B930", "versionEndExcluding": "7.00\\(accv.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3DFAC25-E7B6-4C83-ADAD-87200634C608", "versionEndExcluding": "7.00\\(acgf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D2AF8B6-D22B-4E82-8B03-8111AAD0EDD1", "versionEndExcluding": "7.00\\(abtg.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D00E81A-CE90-41E2-A431-C30A931958C8", "versionEndExcluding": "7.00\\(abtd.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E112EA3-4A6E-4DB6-9757-C9EBDC103A39", "versionEndExcluding": "7.00\\(acco.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD425E6E-5D45-4FB5-9DEB-1D513B51D434", "versionEndExcluding": "6.70\\(abvt.4\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DC0CF83-69C5-4512-BCE8-BB967E884052", "versionEndExcluding": "6.70\\(abvs.4\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8AC3BAD-2544-4CA6-A276-65449D925A7F", "versionEndExcluding": "6.70\\(abwa.4\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F3E4C75-D7EA-4420-8C75-41F50BD38BE9", "versionEndExcluding": "7.00\\(achf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3073565-BCDF-46EA-8FB0-E9BF402A5122", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51DEEC5B-58B9-42F9-A4D5-F3E3052158D4", "versionEndExcluding": "7.00\\(abtf.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBE514B5-8D07-4FB4-8EB8-7CF7E55C3E11", "versionEndExcluding": "7.00\\(abte.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA59F338-1359-42CF-B9EC-8D2B2DDB38EC", "versionEndExcluding": "7.00\\(accn.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2BCC6FF-5A92-4B3A-BE6F-7D896ABF1E41", "versionEndExcluding": "7.00\\(abzd.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A478145-5144-44CA-94AC-134CEFDCAF47", "versionEndExcluding": "7.00\\(accm.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F11E363A-FF52-41EB-B638-C5EBAC282BD1", "versionEndExcluding": "7.00\\(abrm.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "349E2140-7E73-4682-ACA4-C89F4EF0D590", "versionEndExcluding": "7.00\\(acdo.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "64D953D8-8351-44F4-ADCE-97F11DF62AE7", "versionEndExcluding": "7.00\\(acgg.1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."}, {"lang": "es", "value": " La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en la versi\u00f3n 6.70 (ACGG.3) del firmware Zyxel WBE660S y versiones anteriores podr\u00eda permitir a un usuario autenticado escalar privilegios y descargar los archivos de configuraci\u00f3n en un dispositivo vulnerable."}], "id": "CVE-2024-1575", "lastModified": "2025-01-22T22:33:15.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-23T02:15:02.090", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@zyxel.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}