Vulnerability Description
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Nwa50Ax Firmware | < 7.10\(abyw.1\) |
| Zyxel | Nwa50Ax | - |
| Zyxel | Nwa50Ax Pro Firmware | < 7.10\(acge.1\) |
| Zyxel | Nwa50Ax Pro | - |
| Zyxel | Nwa55Axe Firmware | < 7.10\(abzl.1\) |
| Zyxel | Nwa55Axe | - |
| Zyxel | Nwa90Ax Firmware | < 7.10\(accv.1\) |
| Zyxel | Nwa90Ax | - |
| Zyxel | Nwa90Ax Pro Firmware | < 7.10\(acgf.1\) |
| Zyxel | Nwa90Ax Pro | - |
| Zyxel | Nwa110Ax Firmware | < 7.10\(abtg.1\) |
| Zyxel | Nwa110Ax | - |
| Zyxel | Nwa130Be Firmware | < 7.10\(acil.1\) |
| Zyxel | Nwa130Be | - |
| Zyxel | Nwa210Ax Firmware | < 7.10\(abtd.1\) |
| Zyxel | Nwa210Ax | - |
| Zyxel | Nwa220Ax-6E Firmware | < 7.10\(acco.1\) |
| Zyxel | Nwa220Ax-6E | - |
| Zyxel | Nwa1123Acv3 Firmware | < 6.70\(abvt.6\) |
| Zyxel | Nwa1123Acv3 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-12398?
CVE-2024-12398 is a vulnerability with a CVSS score of 8.8 (HIGH). An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow...
How severe is CVE-2024-12398?
CVE-2024-12398 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-12398?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Nwa50Ax Firmware, Zyxel Nwa50Ax, Zyxel Nwa50Ax Pro Firmware, Zyxel Nwa50Ax Pro, Zyxel Nwa55Axe Firmware.