CVE-2024-12398
Published: 14 January 2025
Description
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
Security Summary
CVE-2024-12398 is an improper privilege management vulnerability, classified under CWE-269, affecting the web management interface in Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2). It enables an authenticated user with limited privileges to escalate their access to administrator level, allowing them to upload configuration files to the vulnerable device. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
An attacker requires network access to the web management interface and valid credentials for a limited-privilege account, which could be obtained through weak passwords, prior compromises, or social engineering. Once authenticated, exploitation needs no user interaction and the vector rates attack complexity as low, so privilege escalation is direct. Successful exploitation grants administrator rights, and the resulting ability to upload configuration files could facilitate persistence, backdoor installation, or full device takeover.
Zyxel has published a security advisory detailing the issue, available at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025, which security practitioners should consult for recommended mitigations and patches.
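As an added asset-inventory check (not Zyxel's code and not taken from the advisory), the following Python parses Zyxel's major.minor(CODE.patch) firmware version strings and reports whether a device's model and firmware fall inside the affected range stated above. It assumes "through" is inclusive, that ACLE and ACGG are the build codes for WBE530 and WBE660S exactly as they appear in the version strings on this page, and the inventory records are constructed sample data.

```python
import re
from typing import NamedTuple, Optional

# Last affected version per model, as stated on this page ("through" read as inclusive).
# Assumption: the build code in parentheses identifies the model's firmware train.
AFFECTED_THROUGH = {
    "WBE530": ("ACLE", (7, 0, 3)),    # 7.00(ACLE.3)
    "WBE660S": ("ACGG", (6, 70, 2)),  # 6.70(ACGG.2)
}

# Zyxel format: <major>.<minor>(<CODE>.<patch>), e.g. 7.00(ACLE.3)
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)\s*$")


class ZyxelVersion(NamedTuple):
    major: int
    minor: int   # two-digit field compared as an integer (00 < 70)
    code: str
    patch: int


def parse_version(text: str) -> ZyxelVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Zyxel version string: {text!r}")
    return ZyxelVersion(int(m.group(1)), int(m.group(2)), m.group(3), int(m.group(4)))


def is_affected(model: str, version_text: str) -> Optional[bool]:
    """True/False when the model is listed and the build code matches it;
    None when the model is not listed or the build code belongs to another train."""
    entry = AFFECTED_THROUGH.get(model.upper())
    if entry is None:
        return None
    code, last_affected = entry
    v = parse_version(version_text)
    if v.code != code:
        return None
    return (v.major, v.minor, v.patch) <= last_affected


# Constructed sample inventory (hostnames and versions are illustrative only).
INVENTORY = [
    {"host": "ap-lobby-01", "model": "WBE530", "version": "7.00(ACLE.3)"},
    {"host": "ap-lobby-02", "model": "WBE530", "version": "7.00(ACLE.4)"},
    {"host": "ap-floor2-01", "model": "WBE660S", "version": "6.60(ACGG.1)"},
    {"host": "ap-floor2-02", "model": "WBE660S", "version": "6.70(ACGG.3)"},
]


def affected_hosts(inventory) -> list:
    """Hostnames whose model/firmware lie inside the affected range for CVE-2024-12398."""
    return [d["host"] for d in inventory if is_affected(d["model"], d["version"])]
```

Devices returned by affected_hosts are candidates for the mitigations in the advisory linked above; a None result means the record could not be matched and should be reviewed by hand.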
Details
- CWE(s): CWE-269 (Improper Privilege Management)