CVE-2024-12398

high-risk
Published 2025-01-14

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

Do I need to act?

EPSS score: 0.34% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 8.8/10 High (NETWORK / LOW complexity)

Affected Products (20)

Wax655E Firmware
Wbe660S Firmware
Nwa50Ax Firmware
Nwa55Axe Firmware
Nwa90Ax Firmware
Nwa110Ax Firmware
Nwa210Ax Firmware
Nwa220Ax-6E Firmware
Nwa1123Acv3 Firmware
Wac500 Firmware
Wac500H Firmware
Wax300H Firmware
Wax510D Firmware
Wax610D Firmware
Wax620D-6E Firmware

Affected Vendors

52 / 100 · high-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 21/34 · High