CVE-2024-41720

HIGH

Zexelon Zwx-2000csw2-hn Firmware - Incorrect Permission Assignment

Title source: rule

Description

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN70666401/

[Vendor Advisory] https://www.zexelon.co.jp/pdf/jvn70666401.pdf

Scores

CVSS v3 8.0

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-732

Status published

Products (1)

zexelon/zwx-2000csw2-hn_firmware < 0.3.15

Published Aug 05, 2024

Tracked Since Feb 18, 2026