CVE-2024-1575

MEDIUM EPSS 24.1%

Published Jul 23, 20241y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Jul 23, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

24.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

Affected Products 40

Vendor	Product	Version	Range
zyxel	nwa50ax_firmware	*	<7.00\(abyw.1\)
zyxel	nwa50ax	*	any
zyxel	nwa50ax-pro_firmware	*	<7.00\(acge.1\)
zyxel	nwa50ax-pro	*	any
zyxel	nwa55axe_firmware	*	<7.00\(abzl.1\)
zyxel	nwa55axe	*	any
zyxel	nwa90ax_firmware	*	<7.00\(accv.1\)
zyxel	nwa90ax	*	any
zyxel	nwa90ax-pro_firmware	*	<7.00\(acgf.1\)
zyxel	nwa90ax-pro	*	any
zyxel	nwa110ax_firmware	*	<7.00\(abtg.1\)
zyxel	nwa110ax	*	any
zyxel	nwa210ax_firmware	*	<7.00\(abtd.1\)
zyxel	nwa210ax	*	any
zyxel	nwa220ax-6e_firmware	*	<7.00\(acco.1\)
zyxel	nwa220ax-6e	*	any
zyxel	nwa1123acv3_firmware	*	<6.70\(abvt.4\)
zyxel	nwa1123acv3	*	any
zyxel	wac500_firmware	*	<6.70\(abvs.4\)
zyxel	wac500	*	any
zyxel	wac500h_firmware	*	<6.70\(abwa.4\)
zyxel	wac500h	*	any
zyxel	wax300h_firmware	*	<7.00\(achf.1\)
zyxel	wax300h	*	any
zyxel	wax510d_firmware	*	<7.00\(abtf.1\)
zyxel	wax510d	*	any
zyxel	wax610d_firmware	*	<7.00\(abte.1\)
zyxel	wax610d	*	any
zyxel	wax620d-6e_firmware	*	<7.00\(accn.1\)
zyxel	wax620d-6e	*	any
zyxel	wax630s_firmware	*	<7.00\(abzd.1\)
zyxel	wax630s	*	any
zyxel	wax640s-6e_firmware	*	<7.00\(accm.1\)
zyxel	wax640s-6e	*	any
zyxel	wax650s_firmware	*	<7.00\(abrm.1\)
zyxel	wax650s	*	any
zyxel	wax655e_firmware	*	<7.00\(acdo.1\)
zyxel	wax655e	*	any
zyxel	wbe660s_firmware	*	<7.00\(acgg.1\)
zyxel	wbe660s	*	any

References 1

zyxel.com https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.