← back
CVE-2024-12398

CVE-2024-12398

CVSS 8.8 HIGHEPSS 0.5%CWE-269
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
14 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Zyxel · WBE530 firmwareZyxel · WBE660S firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025