Improper Privilege Management Vulnerability Affects Zyxel WBE660S Firmware
CVE-2024-1575

6.5MEDIUM

Key Information:

Vendor: Zyxel
Status: Wbe660s Firmware
Vendor: CVE Published:; 23 July 2024

Summary

An improper privilege management vulnerability exists in Zyxel WBE660S firmware versions up to 6.70(ACGG.3). This flaw permits authenticated users to escalate their privileges, potentially enabling them to download sensitive configuration files. If exploited, this vulnerability poses a significant risk to the integrity and confidentiality of network configurations, warranting immediate attention from users of the affected firmware.

Affected Version(s)

WBE660S firmware <= 6.70(ACGG.3)

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Feb 16, 2024