CVE-2024-39838

HIGH EPSS 25.0%

Published Aug 5, 20241y ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Aug 5, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

25.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-798 Use of Hard-coded Credentials Authentication

Affected Products 2

Vendor	Product	Version	Range
zexelon	zwx-2000csw2-hn_firmware	*	<0.3.15
zexelon	zwx-2000csw2-hn	*	any

References 2

jvn.jp https://jvn.jp/en/jp/JVN70666401/

Third Party Advisory
zexelon.co.jp https://www.zexelon.co.jp/pdf/jvn70666401.pdf

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.