Unrated severityNVD Advisory· Published Jan 14, 2025· Updated Jan 14, 2025

CVE-2024-12398

Description

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zyxel/WBE530llm-create
Range: <=7.00(ACLE.3)
Zyxel/WBE660Sllm-create
Range: <=6.70(ACGG.2)
Zyxel/WBE530 firmwarev5
Range: <= 7.00(ACLE.3)
Zyxel/WBE660S firmwarev5
Range: <= 6.70(ACGG.2)

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000