CVE-2024-12398
Published: 14 January 2025
Summary
CVE-2024-12398 is a high-severity Improper Privilege Management (CWE-269) vulnerability in the web management interface of Zyxel access-point firmware (catalogued here under Zyxel NWA50AX firmware; the NVD description names the WBE530 and WBE660S models). Its CVSS v3.1 base score is 8.8 (High).
Operationally, its exploit-likelihood ranking places it in the top 43.3% of all CVEs, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-6 enforces least privilege by ensuring limited-privilege users cannot access or perform administrator functions like privilege escalation and configuration uploads.
AC-3 requires the system to enforce approved access control policies, preventing limited users from escalating privileges in the web management interface.
AC-2 mandates proper management of accounts and privileges, including review and assignment of minimal privileges to mitigate improper privilege management vulnerabilities.
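To make the AC-3/AC-6 point concrete, the following added example (illustrative Python written for this page; it is not Zyxel firmware code and does not model the undisclosed internal mechanism of CVE-2024-12398) contrasts a handler that trusts a client-supplied role claim with handlers that derive the caller's role from server-side session state, and adds the AC-2 style account review that would flag an account whose privileges changed outside the approved baseline. Account names, session tokens, role names and the config payload are all constructed for the illustration.

```python
from dataclasses import dataclass
from functools import wraps

# Constructed server-side state for the illustration (not real device data):
# account -> role, and session token -> account. Roles come only from here.
ACCOUNTS = {"admin": "admin", "operator": "limited"}
SESSIONS = {"tok-admin": "admin", "tok-op": "operator"}
CONFIG_STORE = {}


class Forbidden(Exception):
    """Raised when access enforcement (AC-3) rejects a request."""


@dataclass
class Request:
    token: str   # session cookie / bearer token presented by the client
    body: dict   # parsed request parameters, entirely client-controlled


def role_from_session(req):
    """Derive the caller's role from server-side state only, never from the body."""
    account = SESSIONS.get(req.token)
    if account is None:
        raise Forbidden("no valid session")
    return ACCOUNTS[account]


def require_role(*allowed):
    """AC-6 least privilege: run the handler only if the session role is allowed."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(req, *args, **kwargs):
            role = role_from_session(req)
            if role not in allowed:
                raise Forbidden(f"{fn.__name__} needs {allowed}, caller role is {role!r}")
            return fn(req, *args, **kwargs)
        return wrapper
    return decorator


# Weak pattern: the admin check reads the role claim out of the request body,
# so any authenticated user can satisfy it by sending role=admin.
def weak_set_role(req):
    if req.body.get("role") != "admin":          # client-controlled claim
        raise Forbidden("admin only")
    ACCOUNTS[req.body["target"]] = req.body["new_role"]
    return ACCOUNTS[req.body["target"]]


# Hardened pattern: the role comes from the session, enforced by the decorator.
@require_role("admin")
def set_role(req):
    new_role = req.body["new_role"]
    if new_role not in ("admin", "limited"):
        raise ValueError(f"unknown role {new_role!r}")
    ACCOUNTS[req.body["target"]] = new_role
    return new_role


@require_role("admin")
def upload_config(req):
    """Configuration upload is admin-only; returns the stored config size."""
    CONFIG_STORE["running"] = req.body["config"]
    return len(req.body["config"])


def attempt(handler, req):
    """Report whether access enforcement let the request through."""
    try:
        handler(req)
        return "allowed"
    except Forbidden:
        return "denied"


def unexpected_admins(expected_admins):
    """AC-2 style review: accounts holding admin that are not on the approved list."""
    return sorted(a for a, r in ACCOUNTS.items()
                  if r == "admin" and a not in expected_admins)
```

The hardened handlers never look at the request for the caller's identity or role; the weak one does, which is the general shape of an escalation from a limited account to administrator followed by a configuration upload. The `unexpected_admins` review is the compensating AC-2 check: run it on a schedule against the approved administrator list and any account that escalated itself shows up.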
NVD Description
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
Deeper analysis
CVE-2024-12398 is an improper privilege management vulnerability, classified under CWE-269, affecting the web management interface in Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2). It enables an authenticated user with limited privileges to escalate their access to administrator level, allowing them to upload configuration files to the vulnerable device. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
Exploitation requires network reachability of the web management interface and valid credentials for a limited-privilege account, obtainable through weak or default passwords, an earlier compromise, or social engineering. From there the escalation has low attack complexity and needs no user interaction. The resulting administrator rights allow configuration-file uploads, which an attacker can use for persistence, backdoor installation, or full device takeover.
Zyxel has published a security advisory detailing the issue, available at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025, which security practitioners should consult for recommended mitigations and patches.
Details
- CWE(s)