Zyxel security advisory for improper privilege management vulnerability in APs and security...

Zyxel_May

Zyxel security advisory for improper privilege management vulnerability in APs and security router devices

CVE: CVE-2024-12398

Summary

Zyxel has released patches to address an improper privilege management vulnerability in the web management interface of certain access point (AP) and security router firmware versions. Users are advised to install these patches for optimal protection.

What is the vulnerability?

The improper privilege management vulnerability in the web management interface of certain AP and security router firmware versions could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

What versions are vulnerable—and what should you do?

After a thorough investigation,we have identified the vulnerable products that are within their vulnerability support period and have released patches to address the vulnerability, as shown in the table below.

Product	Affected model	Affected version	Patch availability
AP	NWA50AX	7.00(ABYW.2) and earlier	7.10(ABYW.1)
	NWA50AX PRO	7.00(ACGE.2) and earlier	7.10(ACGE.1)
	NWA55AXE	7.00(ABZL.2) and earlier	7.10(ABZL.1)
	NWA90AX	7.00(ACCV.2) and earlier	7.10(ACCV.1)
	NWA90AX PRO	7.00(ACGF.2) and earlier	7.10(ACGF.1)
	NWA110AX	7.00(ABTG.2) and earlier	7.10(ABTG.1)
	NWA130BE	7.00(ACIL.3) and earlier	7.10(ACIL.1)
	NWA210AX	7.00(ABTD.2) and earlier	7.10(ABTD.1)
	NWA220AX-6E	7.00(ACCO.2) and earlier	7.10(ACCO.1)
	NWA1123ACv3	6.70(ABVT.4) and earlier	6.70(ABVT.6)
	WAC500	6.70(ABVS.5) and earlier	6.70(ABVS.6)
	WAC500H	6.70(ABWA.5) and earlier	6.70(ABWA.6)
	WAX300H	7.00(ACHF.2) and earlier	7.10(ACHF.1)
	WAX510D	7.00(ABTF.2) and earlier	7.10(ABTF.1)
	WAX610D	7.00(ABTE.2) and earlier	7.10(ABTE.1)
	WAX620D-6E	7.00(ACCN.2) and earlier	7.10(ACCN.1)
	WAX630S	7.00(ABZD.2) and earlier	7.10(ABZD.1)
	WAX640S-6E	7.00(ACCM.2) and earlier	7.10(ACCM.1)
	WAX650S	7.00(ABRM.2) and earlier	7.10(ABRM.1)
	WAX655E	7.00(ACDO.2) and earlier	7.10(ACDO.1)
	WBE530	7.00(ACLE.3) and earlier	7.10(ACLE.1)
	WBE660S	6.70(ACGG.2) and earlier	7.00(ACGG.1)
Security router	USG LITE 60AX	2.00(ACIP.4) and earlier	2.10(ACIP.0)*

*Updated by cloud

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Acknowledgment

Thanks to Alessandro Sgreccia from HackerHood for reporting the issue to us.

Revision history

2025-1-14:Initial release.