Multiple Microsoft Products Zero-Day Vulnerabilities
January 15, 2025
Severity
High
Analysis Summary
CVE-2024-12398
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2024-12398
CVE-2025-21308
CVE-2025-21186
CVE-2025-21366
CVE-2025-21395
Affected Vendors
Affected Products
- Zyxel NWA50AX 7.00(ABYW.2)
- Zyxel NWA50AX PRO 7.00(ACGE.2)
- Zyxel NWA55AXE 7.00(ABZL.2)
- Zyxel NWA90AX 7.00(ACCV.2)
- Zyxel NWA90AX PRO 7.00(ACGF.2)
- Zyxel NWA110AX 7.00(ABTG.2)
- Zyxel NWA130BE 7.00(ACIL.3)
- Zyxel NWA210AX 7.00(ABTD.2)
- Zyxel NWA220AX-6E 7.00(ACCO.2)
- Zyxel NWA1123ACv3 6.70(ABVT.4)
- Zyxel WAC500 6.70(ABVS.5)
- Zyxel WAC500H 6.70(ABWA.5)
- Zyxel WAX300H 7.00(ACHF.2)
- Zyxel WAX510D 7.00(ABTF.2)
- Zyxel WAX610D 7.00(ABTE.2)
- Zyxel WAX620D-6E 7.00(ACCN.2)
- Zyxel WAX630S 7.00(ABZD.2)
- Zyxel WAX640S-6E 7.00(ACCM.2)
- Zyxel WAX650S 7.00(ABRM.2)
- Zyxel WAX655E 7.00(ACDO.2)
- Zyxel WBE530 7.00(ACLE.3)
- Zyxel WBE660S 6.70(ACGG.2)
- Zyxel USG LITE 60AX 2.00(ACIP.4)
Remediation
Refer to the Zyxel Security Advisory for patch, upgrade, or suggested workaround information.