Improper Privilege Management in Zyxel WBE530 and WBE660S Firmware
CVE-2024-12398

8.8HIGH

Key Information:

Vendor: Zyxel
Status: Wbe530 Firmware; Wbe660s Firmware
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-12398?

An improper privilege management vulnerability exists in the web management interface of Zyxel WBE530 and WBE660S firmware versions. This vulnerability allows an authenticated user with limited permissions to escalate their privileges to that of an administrator. By exploiting this flaw, a malicious user gains the ability to upload potentially harmful configuration files to the device, which can compromise the security and integrity of the affected system.

Affected Version(s)

WBE530 firmware <= 7.00(ACLE.3)

WBE660S firmware <= 6.70(ACGG.2)

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 10, 2024