Security Advisory

ZYXEL networks product security update advisory

  • Jan 15 2025

Overview

ZYXEL networks has released a security update to fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-12398

NWA50AX Version: ~ 7.00 (ABYW.2) (included)
NWA50AX PRO Version: ~ 7.00 (ACGE.2) (included)
NWA55AXE Version: ~ 7.00 (ABZL.2) (included)
NWA90AX Version: ~ 7.00 (ACCV.2) (included)
NWA90AX PRO Version: ~ 7.00 (ACGF.2) (included)
NWA110AX Version: ~ 7.00 (ABTG.2) (included)
NWA130BE Version: ~ 7.00 (ACIL.3) (included)
NWA210AX Version: ~ 7.00 (ABTD.2) (included)
NWA220AX-6E Version: ~ 7.00 (ACCO.2) (included)
NWA1123ACv3 Version: ~ 6.70 (ABVT.4) (included)
WAC500 Version: ~ 6.70 (ABVS.5) (included)
WAC500H Version: ~ 6.70 (ABWA.5) (included)
WAX300H Version: ~ 7.00 (ACHF.2) (included)
WAX510D Version: ~ 7.00 (ABTF.2) (included)
WAX610D version: ~ 7.00 (ABTE.2) (included)
WAX620D-6E versions: ~ 7.00 (ACCN.2) (included)
WAX630S version: ~ 7.00 (ABZD.2) (included)
WAX640S-6E version: ~ 7.00 (ACCM.2) (included)
WAX650S version: ~ 7.00 (ABRM.2) (included)
WAX655E version: ~ 7.00 (ACDO.2) (included)
WBE530 Version: ~ 7.00 (ACLE.3) (included)
WBE660S Version: ~ 6.70 (ACGG.2) (included)
USG LITE 60AX Version: ~ 2.00 (ACIP.4) (included)

 

 

Resolved Vulnerabilities

Improper privilege management vulnerability that allows privilege escalation of a user with limited privileges (CVE-2024-12398)

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-12398

NWA50AX Version: 7.10 (ABYW.1)
NWA50AX PRO Version: 7.10 (ACGE.1)
NWA55AXE Version: 7.10 (ABZL.1)
NWA90AX version: 7.10 (ACCV.1)
NWA90AX PRO version: 7.10 (ACGF.1)
NWA110AX Version: 7.10 (ABTG.1)
NWA130BE Version: 7.10 (ACIL.1)
NWA210AX Version: 7.10 (ABTD.1)
NWA220AX-6E Version: 7.10 (ACCO.1)
NWA1123ACv3 Version: 6.70 (ABVT.6)
WAC500 Version: 6.70 (ABVS.6)
WAC500H Version: 6.70 (ABWA.6)
WAX300H Version: 7.10 (ACHF.1)
WAX510D version: 7.10 (ABTF.1)
WAX610D version: 7.10 (ABTE.1)
WAX620D-6E Version: 7.10 (ACCN.1)
WAX630S version: 7.10 (ABZD.1)
WAX640S-6E Version: 7.10 (ACCM.1)
WAX650S version: 7.10 (ABRM.1)
WAX655E Version: 7.10 (ACDO.1)
WBE530 Version: 7.10 (ACLE.1)
WBE660S Version: 7.00 (ACGG.1)
USG LITE 60AX version: 2.10 (ACIP.0)

 

References

[1] Zyxel security advisory for improper privilege management vulnerability in APs and security router devices
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

Tags:

Previous Post

Next Post