cve-2024-1575
Vulnerability from cvelistv5
Published
2024-07-23 01:39
Modified
2024-08-01 18:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
References
security@zyxel.com.twhttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024Vendor Advisory
Impacted products
Vendor Product Version
Zyxel WBE660S firmware Version: <= 6.70(ACGG.3)
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1575",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T13:18:17.536628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T13:18:27.277Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WBE660S firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.70(ACGG.3)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."
            }
          ],
          "value": "The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-23T01:39:53.232Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2024-1575",
    "datePublished": "2024-07-23T01:39:53.232Z",
    "dateReserved": "2024-02-16T07:27:10.034Z",
    "dateUpdated": "2024-08-01T18:40:21.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-1575\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2024-07-23T02:15:02.090\",\"lastModified\":\"2025-01-22T22:33:15.853\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.\"},{\"lang\":\"es\",\"value\":\" La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en la versi\u00f3n 6.70 (ACGG.3) del firmware Zyxel WBE660S y versiones anteriores podr\u00eda permitir a un usuario autenticado escalar privilegios y descargar los archivos de configuraci\u00f3n en un dispositivo vulnerable.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abyw.1\\\\)\",\"matchCriteriaId\":\"8A8696DE-6B52-435C-B910-6FE4E731C2D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2806A3B3-8F13-4170-B284-8809E3502044\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(acge.1\\\\)\",\"matchCriteriaId\":\"74F8426E-D74D-44E1-96E2-2873D9EC5493\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DD6E6B-61EC-4E60-8244-56ADB26F2234\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abzl.1\\\\)\",\"matchCriteriaId\":\"DA733CF7-A57D-499C-B2B7-CA894EDE7AD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7440976-5CB4-40BE-95C2-98EF4B888109\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(accv.1\\\\)\",\"matchCriteriaId\":\"80A74559-9DCE-414B-AEF3-3C2E2088B930\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A903978-737E-4266-A670-BC94E32CAF96\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(acgf.1\\\\)\",\"matchCriteriaId\":\"F3DFAC25-E7B6-4C83-ADAD-87200634C608\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFA44855-B135-44BD-AE21-FC58CD647AB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abtg.1\\\\)\",\"matchCriteriaId\":\"5D2AF8B6-D22B-4E82-8B03-8111AAD0EDD1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A3F9232-F988-4428-9898-4F536123CE88\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abtd.1\\\\)\",\"matchCriteriaId\":\"1D00E81A-CE90-41E2-A431-C30A931958C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB129F9-64D8-43C2-9366-51EBDF419F5F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(acco.1\\\\)\",\"matchCriteriaId\":\"5E112EA3-4A6E-4DB6-9757-C9EBDC103A39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E03F755-424D-4248-9076-ED7BECEB94C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.70\\\\(abvt.4\\\\)\",\"matchCriteriaId\":\"CD425E6E-5D45-4FB5-9DEB-1D513B51D434\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36C13E7F-2186-4587-83E9-57B05A7147B7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.70\\\\(abvs.4\\\\)\",\"matchCriteriaId\":\"4DC0CF83-69C5-4512-BCE8-BB967E884052\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C024551-F08F-4152-940D-1CF8BCD79613\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.70\\\\(abwa.4\\\\)\",\"matchCriteriaId\":\"B8AC3BAD-2544-4CA6-A276-65449D925A7F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1FD502-4F62-4C77-B3BC-E563B24F0067\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax300h_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(achf.1\\\\)\",\"matchCriteriaId\":\"8F3E4C75-D7EA-4420-8C75-41F50BD38BE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax300h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3073565-BCDF-46EA-8FB0-E9BF402A5122\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abtf.1\\\\)\",\"matchCriteriaId\":\"51DEEC5B-58B9-42F9-A4D5-F3E3052158D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A37A0E9-D505-4376-AB0E-1C0FD7E53A55\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abte.1\\\\)\",\"matchCriteriaId\":\"EBE514B5-8D07-4FB4-8EB8-7CF7E55C3E11\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3518DA0A-2C7B-4979-A457-0826C921B0F0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(accn.1\\\\)\",\"matchCriteriaId\":\"EA59F338-1359-42CF-B9EC-8D2B2DDB38EC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abzd.1\\\\)\",\"matchCriteriaId\":\"B2BCC6FF-5A92-4B3A-BE6F-7D896ABF1E41\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC74AAF9-5206-4CEB-9023-6CD4F38AA623\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(accm.1\\\\)\",\"matchCriteriaId\":\"2A478145-5144-44CA-94AC-134CEFDCAF47\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E4E9A0-DF92-47B7-94D6-0867E3171E47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(abrm.1\\\\)\",\"matchCriteriaId\":\"F11E363A-FF52-41EB-B638-C5EBAC282BD1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D784994E-E2CE-4328-B490-D9DC195A53DB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(acdo.1\\\\)\",\"matchCriteriaId\":\"349E2140-7E73-4682-ACA4-C89F4EF0D590\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61158220-B5E8-4BF4-B2C2-E8ABFD3266CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.00\\\\(acgg.1\\\\)\",\"matchCriteriaId\":\"64D953D8-8351-44F4-ADCE-97F11DF62AE7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FC2F3A4-0598-49B0-9829-AF43C97E9E8E\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:40:21.490Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1575\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T13:18:17.536628Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-23T13:18:23.412Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"WBE660S firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 6.70(ACGG.3)\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-07-23-2024\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2024-07-23T01:39:53.232Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-1575\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T18:40:21.490Z\", \"dateReserved\": \"2024-02-16T07:27:10.034Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2024-07-23T01:39:53.232Z\", \"assignerShortName\": \"Zyxel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.