CVE-2024-1575

{"id": "CVE-2024-1575", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-23T02:15:02.090", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}, {"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."}, {"lang": "es", "value": " La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en la versi\u00f3n 6.70 (ACGG.3) del firmware Zyxel WBE660S y versiones anteriores podr\u00eda permitir a un usuario autenticado escalar privilegios y descargar los archivos de configuraci\u00f3n en un dispositivo vulnerable."}], "lastModified": "2025-01-22T22:33:15.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A8696DE-6B52-435C-B910-6FE4E731C2D9", "versionEndExcluding": "7.00\\(abyw.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74F8426E-D74D-44E1-96E2-2873D9EC5493", "versionEndExcluding": "7.00\\(acge.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA733CF7-A57D-499C-B2B7-CA894EDE7AD6", "versionEndExcluding": "7.00\\(abzl.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80A74559-9DCE-414B-AEF3-3C2E2088B930", "versionEndExcluding": "7.00\\(accv.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3DFAC25-E7B6-4C83-ADAD-87200634C608", "versionEndExcluding": "7.00\\(acgf.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D2AF8B6-D22B-4E82-8B03-8111AAD0EDD1", "versionEndExcluding": "7.00\\(abtg.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D00E81A-CE90-41E2-A431-C30A931958C8", "versionEndExcluding": "7.00\\(abtd.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E112EA3-4A6E-4DB6-9757-C9EBDC103A39", "versionEndExcluding": "7.00\\(acco.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD425E6E-5D45-4FB5-9DEB-1D513B51D434", "versionEndExcluding": "6.70\\(abvt.4\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC0CF83-69C5-4512-BCE8-BB967E884052", "versionEndExcluding": "6.70\\(abvs.4\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8AC3BAD-2544-4CA6-A276-65449D925A7F", "versionEndExcluding": "6.70\\(abwa.4\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F3E4C75-D7EA-4420-8C75-41F50BD38BE9", "versionEndExcluding": "7.00\\(achf.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3073565-BCDF-46EA-8FB0-E9BF402A5122"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51DEEC5B-58B9-42F9-A4D5-F3E3052158D4", "versionEndExcluding": "7.00\\(abtf.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE514B5-8D07-4FB4-8EB8-7CF7E55C3E11", "versionEndExcluding": "7.00\\(abte.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA59F338-1359-42CF-B9EC-8D2B2DDB38EC", "versionEndExcluding": "7.00\\(accn.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2BCC6FF-5A92-4B3A-BE6F-7D896ABF1E41", "versionEndExcluding": "7.00\\(abzd.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A478145-5144-44CA-94AC-134CEFDCAF47", "versionEndExcluding": "7.00\\(accm.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F11E363A-FF52-41EB-B638-C5EBAC282BD1", "versionEndExcluding": "7.00\\(abrm.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "349E2140-7E73-4682-ACA4-C89F4EF0D590", "versionEndExcluding": "7.00\\(acdo.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64D953D8-8351-44F4-ADCE-97F11DF62AE7", "versionEndExcluding": "7.00\\(acgg.1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}