Main Vulnerability Database SB2024072302

SB2024072302 - Privilege escalation in Zyxel in APs

Published: July 23, 2024

Security Bulletin ID SB2024072302

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper privilege management (CVE-ID: CVE-2024-1575)

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to improper privilege management. A remote user can escalate privileges and download the configuration files on the target device.

Remediation

Install update from vendor's website.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024

Vulnerable Software

NWA50AX: 6.29(ABYW.4) and previous versions
NWA50AX-PRO: 6.65(ACGE.1) and previous versions
NWA55AXE: 6.29(ABZL.4) and previous versions
NWA90AX: 6.29(ACCV.4) and previous versions
NWA90AX-PRO: 6.65(ACGF.1) and previous versions
NWA110AX: 6.70(ABTG.2) and previous versions
NWA210AX: 6.70(ABTD.2) and previous versions
NWA220AX-6E: 6.70(ACCO.1) and previous versions
NWA1123ACv3: 6.70(ABVT.1) and previous versions
WAC500: 6.70(ABVS.1) and previous versions
WAC500H: 6.70(ABWA.1) and previous versions
WAX300H: 6.70(ACHF.1) and previous versions
WAX510D: 6.70(ABTF.2) and previous versions
WAX610D: 6.70(ABTE.2) and previous versions
WAX620D-6E: 6.70(ACCN.1) and previous versions
WAX630S: 6.70(ABZD.2) and previous versions
WAX640S-6E: 6.70(ACCM.1) and previous versions
WAX650S: 6.70(ABRM.2) and previous versions
WAX655E: 6.70(ACDO.1) and previous versions
WBE660S: 6.70(ACGG.2) and previous versions

SB2024072302 - Privilege escalation in Zyxel in APs

Breakdown by Severity

Description

Remediation

References

Please verify you're human