CVE-2024-12398 HIGH

Vendor: Zyxel
Product: WBE530 firmware
Weakness: CWE-269
Published: January 14, 2025
Last update: January 14, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

Key dates

02 Disclosure timeline

January 14, 2025: CVE published
January 14, 2025: Record updated