Описание (на английском; русское — в БДУ выше)
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
Затрагиваемое ПО
Zyxel Nwa50ax firmwareZyxel Nwa50axZyxel Nwa50ax pro firmwareZyxel Nwa50ax proZyxel Nwa55axe firmwareZyxel Nwa55axeZyxel Nwa90ax firmwareZyxel Nwa90axZyxel Nwa90ax pro firmwareZyxel Nwa90ax proZyxel Nwa110ax firmwareZyxel Nwa110axZyxel Nwa130be firmwareZyxel Nwa130beZyxel Nwa210ax firmwareZyxel Nwa210axZyxel Nwa220ax-6e firmwareZyxel Nwa220ax-6eZyxel Nwa1123acv3 firmwareZyxel Nwa1123acv3Zyxel Wac500 firmwareZyxel Wac500Zyxel Wac500h firmwareZyxel Wac500hZyxel Wax300h firmware
CVSS
| Балл | 8.8 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Источники
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025