CVE-2024-1575

MEDIUM

Zyxel NWA and WAX Series Firmware < 7.00 - Authenticated Privilege Escalation via Configuration Download

Title source: llm

Description

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 49.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269

Status published

Products (20)

zyxel/nwa110ax_firmware < 7.00\(abtg.1\)

zyxel/nwa1123acv3_firmware < 6.70\(abvt.4\)

zyxel/nwa210ax_firmware < 7.00\(abtd.1\)

zyxel/nwa220ax-6e_firmware < 7.00\(acco.1\)

zyxel/nwa50ax-pro_firmware < 7.00\(acge.1\)

zyxel/nwa50ax_firmware < 7.00\(abyw.1\)

zyxel/nwa55axe_firmware < 7.00\(abzl.1\)

zyxel/nwa90ax-pro_firmware < 7.00\(acgf.1\)

zyxel/nwa90ax_firmware < 7.00\(accv.1\)

zyxel/wac500_firmware < 6.70\(abvs.4\)

... and 10 more

Published Jul 23, 2024

Tracked Since Feb 18, 2026