Is CVE-2024-1575 actively exploited?

CVE-2024-1575 has no public evidence of in-the-wild exploitation as of 2025-01-22.

What is the CVSS score for CVE-2024-1575?

CVE-2024-1575 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2024-1575?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-1575.

CVE-2024-1575 - remediation guidance & executive summary

Q: Which products are affected by CVE-2024-1575?

20 products: zyxel nwa50ax firmware, zyxel nwa50ax-pro firmware, zyxel nwa55axe firmware, zyxel nwa90ax firmware, zyxel nwa90ax-pro firmware, and 15 more.

Description

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-269 · Improper Privilege ManagementNVD-CWE-noinfo

Metadata

Primary Vendor: ZYXEL
Published: 7/23/2024
Last Modified: 1/22/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zyxel : nwa50ax_firmwarezyxel : nwa50ax-pro_firmwarezyxel : nwa55axe_firmwarezyxel : nwa90ax_firmwarezyxel : nwa90ax-pro_firmwarezyxel : nwa110ax_firmwarezyxel : nwa210ax_firmwarezyxel : nwa220ax-6e_firmwarezyxel : nwa1123acv3_firmwarezyxel : wac500_firmwarezyxel : wac500h_firmwarezyxel : wax300h_firmwarezyxel : wax510d_firmwarezyxel : wax610d_firmwarezyxel : wax620d-6e_firmwarezyxel : wax630s_firmwarezyxel : wax640s-6e_firmwarezyxel : wax650s_firmwarezyxel : wax655e_firmwarezyxel : wbe660s_firmware

Remediation Guidance

Executive Summary

View on NIST NVD