Happy #PatchTuesday from **Zyxel**: [Zyxel security advisory for improper privilege management vulnerability in APs and security router devices](https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 )
CVE-2024-12398 (8.8 high) An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
There is no mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).
#zyxel #cve #vulnerability #infosec #cybersecurity
Not Simon 🐐
npub14g…xznd6
2025-01-14 19:30:33 UTC
Author Public Key
npub14g0mj0fmn0sepfuhp2wupyk7d8xyz7rezpmrx2gfsav9vxlwxypq4xznd6Seen on
wss://relay.momostr.pinkPublished at
2025-01-14 19:30:33 UTCEvent JSON
{
"id": "3c00b849baa9a3638feb9d794ced8e0ee9e56478c06cd57682f26097e332e7cf",
"pubkey": "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102",
"created_at": 1736883033,
"kind": 1,
"tags": [
[
"t",
"infosec"
],
[
"t",
"cve"
],
[
"t",
"cybersecurity"
],
[
"t",
"zyxel"
],
[
"proxy",
"https://infosec.exchange/@screaminggoat/113828366476462278",
"web"
],
[
"t",
"vulnerability"
],
[
"t",
"patchtuesday"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113828366476462278",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/screaminggoat/statuses/113828366476462278",
"pink.momostr"
],
[
"-"
]
],
"content": "Happy #PatchTuesday from **Zyxel**: [Zyxel security advisory for improper privilege management vulnerability in APs and security router devices](https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025 )\nCVE-2024-12398 (8.8 high) An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.\n\nThere is no mention of [exploitation](https://infosec.press/screaminggoat/vendor-verbiage ).\n\n#zyxel #cve #vulnerability #infosec #cybersecurity",
"sig": "7ddd194ca3957bd90198f4812ab54c676d0519515b584696249f39c73a02a06d0ea83cc89a99622fd51363cd79b4494e72de0096266b7378cdfcb5f7281872db"
}