Vulnerability Description
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Nwa50Ax Firmware | < 7.00\(abyw.1\) |
| Zyxel | Nwa50Ax | - |
| Zyxel | Nwa50Ax-Pro Firmware | < 7.00\(acge.1\) |
| Zyxel | Nwa50Ax-Pro | - |
| Zyxel | Nwa55Axe Firmware | < 7.00\(abzl.1\) |
| Zyxel | Nwa55Axe | - |
| Zyxel | Nwa90Ax Firmware | < 7.00\(accv.1\) |
| Zyxel | Nwa90Ax | - |
| Zyxel | Nwa90Ax-Pro Firmware | < 7.00\(acgf.1\) |
| Zyxel | Nwa90Ax-Pro | - |
| Zyxel | Nwa110Ax Firmware | < 7.00\(abtg.1\) |
| Zyxel | Nwa110Ax | - |
| Zyxel | Nwa210Ax Firmware | < 7.00\(abtd.1\) |
| Zyxel | Nwa210Ax | - |
| Zyxel | Nwa220Ax-6E Firmware | < 7.00\(acco.1\) |
| Zyxel | Nwa220Ax-6E | - |
| Zyxel | Nwa1123Acv3 Firmware | < 6.70\(abvt.4\) |
| Zyxel | Nwa1123Acv3 | - |
| Zyxel | Wac500 Firmware | < 6.70\(abvs.4\) |
| Zyxel | Wac500 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2024-1575?
CVE-2024-1575 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the config...
How severe is CVE-2024-1575?
CVE-2024-1575 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1575?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Nwa50Ax Firmware, Zyxel Nwa50Ax, Zyxel Nwa50Ax-Pro Firmware, Zyxel Nwa50Ax-Pro, Zyxel Nwa55Axe Firmware.