#VU95271 Incorrect permission assignment for critical resource in ZWX-2000CSW2-HN - CVE-2024-41720

Cybersecurity Help s.r.o.

Published: 2024-08-05

Vulnerability identifier: #VU95271

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-41720

CWE-ID: CWE-732

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
ZWX-2000CSW2-HN
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: ZEXELON

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for critical resource. A remote user on the local network can alter the configuration of the device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ZWX-2000CSW2-HN: before 0.3.15

External links
https://jvn.jp/en/jp/JVN70666401/index.html
https://www.zexelon.co.jp/pdf/jvn70666401.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN