CVE-2024-1575

moderate-risk
Published 2024-07-23

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Nwa50Ax Firmware
Nwa50Ax-Pro Firmware
Nwa55Axe Firmware
Nwa90Ax Firmware
Nwa90Ax-Pro Firmware
Nwa110Ax Firmware
Nwa210Ax Firmware
Nwa220Ax-6E Firmware
Nwa1123Acv3 Firmware
Wac500 Firmware
Wac500H Firmware
Wax300H Firmware
Wax510D Firmware
Wax610D Firmware
Wax620D-6E Firmware
Wax630S Firmware
Wax640S-6E Firmware
Wax650S Firmware
Wax655E Firmware
Wbe660S Firmware

Affected Vendors

Zyxel

References (2)

Vendor Advisory https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advis...
Vendor Advisory https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advis...
45
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate