Is CVE-2024-12398 actively exploited?

CVE-2024-12398 has no public evidence of in-the-wild exploitation as of 2025-01-21.

What is the CVSS score for CVE-2024-12398?

CVE-2024-12398 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-12398?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-12398.

Fix CVE-2024-12398 - HIGH zyxel nwa50ax firmware

Q: Which products are affected by CVE-2024-12398?

23 products: zyxel nwa50ax firmware, zyxel nwa50ax pro firmware, zyxel nwa55axe firmware, zyxel nwa90ax firmware, zyxel nwa90ax pro firmware, and 18 more.

Description

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-269 · Improper Privilege ManagementNVD-CWE-noinfo

Metadata

Primary Vendor: ZYXEL
Published: 1/14/2025
Last Modified: 1/21/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zyxel : nwa50ax_firmwarezyxel : nwa50ax_pro_firmwarezyxel : nwa55axe_firmwarezyxel : nwa90ax_firmwarezyxel : nwa90ax_pro_firmwarezyxel : nwa110ax_firmwarezyxel : nwa130be_firmwarezyxel : nwa210ax_firmwarezyxel : nwa220ax-6e_firmwarezyxel : nwa1123acv3_firmwarezyxel : wac500_firmwarezyxel : wac500h_firmwarezyxel : wax300h_firmwarezyxel : wax510d_firmwarezyxel : wax610d_firmwarezyxel : wax620d-6e_firmwarezyxel : wax630s_firmwarezyxel : wax640s-6e_firmwarezyxel : wax650s_firmwarezyxel : wax655e_firmwarezyxel : wbe530_firmwarezyxel : wbe660s_firmwarezyxel : usg_lite_60ax_firmware

Remediation Guidance

Executive Summary

View on NIST NVD