Zyxel has issued an advisory for a newly identified security vulnerability, CVE-2024-12398, that affects multiple access points (APs) and security routers. The flaw carries a CVSS score of 8.8, and users should apply the patches immediately to protect their systems from potential exploitation.
The vulnerability is an improper privilege management flaw within the web management interface of certain Zyxel AP and router firmware versions. According to the advisory, the issue “could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.” This level of access could allow attackers to take full control of affected devices.
Zyxel has listed numerous affected products and their vulnerable firmware versions. These include widely used models like the NWA50AX, NWA55AXE, WAC500, and WAX610D, among others. Updated firmware versions, such as 7.10(ABYW.1) for the NWA50AX, have been made available to mitigate the vulnerability. Users can download the patches from Zyxel’s support page based on their device model.
Zyxel noted in their advisory, “Users are advised to install these patches for optimal protection.” Failure to address such issues promptly could leave organizations exposed to unauthorized privilege escalation and broader network compromises.