VYPR
Unrated severity · NVD Advisory · Published Aug 5, 2024 · Updated Mar 17, 2025

CVE-2024-41720

Description

Incorrect permission assignment in ZWX-2000CSW2-HN firmware prior to Ver.0.3.15 allows network-adjacent authenticated attackers to alter device configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Incorrect permission assignment for critical resource (CWE-732) exists in ZEXELON ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15. The device is a high-speed coaxial modem with wireless LAN functions. The vulnerability allows a network-adjacent authenticated attacker to alter the configuration of the device [1].

Exploitation

An attacker must be network-adjacent and have valid authentication credentials (low privilege required). No user interaction is needed. The attack complexity is low. The attacker can exploit the incorrect permission assignment to modify device configuration [1].

Impact

Successful exploitation allows the attacker to alter the configuration of the device, potentially compromising confidentiality, integrity, and availability (CVSS 8.0, High). The impact is high across all three components of the CIA triad [1].

Mitigation

Update the firmware to the latest version (Ver.0.3.15 or later) as per the developer's instructions [1]. No workarounds are mentioned. The vulnerability is not listed on CISA KEV as of publication.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: <0.3.15
  • ZEXELON CO., LTD./ZWX-2000CSW2-HNv5
    Range: firmware versions prior to Ver.0.3.15

References

2
