CVE-2024-12398

8.8 HIGH

📋 TL;DR

An authenticated user with limited privileges can escalate to administrator level on affected Zyxel devices, allowing them to upload configuration files and potentially take full control. This affects Zyxel WBE530 and WBE660S devices running vulnerable firmware versions. Attackers with initial access can exploit this to compromise network security.

💻 Affected Systems

Products:
  • Zyxel WBE530
  • Zyxel WBE660S
Versions: WBE530 firmware through 7.00(ACLE.3), WBE660S firmware through 6.70(ACGG.2)
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web management interface. Requires authenticated access but with limited privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full device compromise allowing an attacker to reconfigure network settings, intercept traffic, install backdoors, or use the device as a pivot point for lateral movement.

🟠 Likely Case: A privileged attacker gains administrative control, modifies device configuration, and potentially disrupts network operations or steals sensitive data.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls prevent initial authentication by unauthorized users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access with limited privileges. Exploitation likely involves manipulating web interface requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WBE530: firmware version after 7.00(ACLE.3), WBE660S: firmware version after 6.70(ACGG.2)

Vendor Advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Zyxel support portal.
2. Back up the current configuration.
3. Upload the firmware via the web interface.
4. Apply the firmware update.
5. Restart the device.
6. Verify the firmware version.

🔧 Temporary Workarounds

Restrict web interface access (applies to: all)
  • Limit access to the management interface to trusted IP addresses only

Disable unnecessary user accounts (applies to: all)
  • Remove or disable any non-essential user accounts with limited privileges

🧯 If You Can't Patch

  • Segment affected devices on isolated network segments
  • Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > Firmware or via CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify that the running firmware version is later than the last vulnerable version: WBE530 > 7.00(ACLE.3), WBE660S > 6.70(ACGG.2)
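The version comparison above is easy to get wrong by hand when auditing many access points, so the following is an added example (not Zyxel's code or tooling) that parses version strings of the form `7.00(ACLE.3)` and decides whether a device is still on a vulnerable build. It assumes the string layout is `major.minor(PLATFORM.build)`, with an optional leading `V`, and that the letter code inside the parentheses identifies the hardware platform and must match the reference version; those assumptions are noted in the code.

```python
import re
from typing import List, NamedTuple, Tuple

# Last vulnerable firmware versions, as stated in this advisory card.
LAST_VULNERABLE = {
    "WBE530": "7.00(ACLE.3)",
    "WBE660S": "6.70(ACGG.2)",
}

# Assumed layout: <major>.<minor>(<PLATFORM>.<build>), optional leading "V".
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)$")


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    platform: str  # letter code such as ACLE; assumed to be a platform tag, not part of ordering
    build: int     # number after the dot inside the parentheses


def parse_version(text: str) -> FirmwareVersion:
    """Parse a Zyxel-style firmware version string; raises ValueError on unknown layouts."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    major, minor, platform, build = m.groups()
    return FirmwareVersion(int(major), int(minor), platform, int(build))


def is_vulnerable(model: str, running: str) -> bool:
    """True when the running version is at or below the last vulnerable version for the model."""
    if model not in LAST_VULNERABLE:
        raise ValueError(f"model {model!r} is not covered by CVE-2024-12398")
    last = parse_version(LAST_VULNERABLE[model])
    cur = parse_version(running)
    if cur.platform != last.platform:
        # A different platform tag means the string is not comparable to the reference build.
        raise ValueError(f"platform tag {cur.platform} does not match expected {last.platform}")
    return (cur.major, cur.minor, cur.build) <= (last.major, last.minor, last.build)


def audit(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames from (hostname, model, version) tuples that still need the fix."""
    return [host for host, model, version in inventory if is_vulnerable(model, version)]


if __name__ == "__main__":
    # Constructed inventory for demonstration; hostnames and versions are made up.
    sample = [
        ("ap-floor1", "WBE530", "V7.00(ACLE.3)"),
        ("ap-floor2", "WBE530", "V7.00(ACLE.4)"),
        ("ap-lobby", "WBE660S", "6.70(ACGG.2)"),
    ]
    print("still vulnerable:", audit(sample))
```

The tuple comparison orders by major, then minor, then build, so a newer minor release with a lower build number (for example 7.01(ACLE.0)) correctly counts as fixed.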

📡 Detection & Monitoring

Log Indicators:

  • Multiple privilege escalation attempts
  • Configuration file uploads by non-admin users
  • Unusual admin account activity

Network Indicators:

  • Unusual traffic patterns from management interface
  • Configuration uploads to unexpected destinations

SIEM Query:

source="zyxel_logs" AND (event_type="privilege_escalation" OR event_type="config_upload")
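Where no SIEM is available, the same two log indicators (repeated privilege-escalation attempts and configuration uploads by non-admin users) can be checked with a small script. The following is an added example, not part of this advisory and not a Zyxel tool; the key=value log layout and the field names `user`, `role`, `event_type` and `result` are assumptions chosen to mirror the SIEM query above, and the sample lines are constructed.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample lines (not real Zyxel output); the key=value layout is an assumption.
SAMPLE_LOGS = """\
ts=2025-01-15T10:01:02Z src=10.0.0.5 user=ops role=limited event_type=login result=ok
ts=2025-01-15T10:01:09Z src=10.0.0.5 user=ops role=limited event_type=privilege_escalation result=fail
ts=2025-01-15T10:01:14Z src=10.0.0.5 user=ops role=limited event_type=privilege_escalation result=fail
ts=2025-01-15T10:01:20Z src=10.0.0.5 user=ops role=limited event_type=privilege_escalation result=ok
ts=2025-01-15T10:02:01Z src=10.0.0.5 user=ops role=limited event_type=config_upload result=ok
ts=2025-01-15T11:30:00Z src=10.0.0.9 user=admin role=admin event_type=config_upload result=ok
"""

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

Alert = Tuple[str, str, str]  # (indicator, user, timestamp)


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def find_indicators(lines: Iterable[str], escalation_threshold: int = 2) -> List[Alert]:
    """Raise one alert per indicator from the advisory's log-indicator list.

    - repeated_privilege_escalation: the same user reaches `escalation_threshold`
      privilege_escalation events (alerted once, when the threshold is hit)
    - escalation_succeeded_non_admin: a privilege_escalation with result=ok from a
      non-admin role, which is what this CVE produces
    - config_upload_by_non_admin: a config_upload event whose role is not admin
    """
    alerts: List[Alert] = []
    attempts: Counter = Counter()
    for raw in lines:
        ev = parse_line(raw)
        if not ev:
            continue
        user, ts, role = ev.get("user", "?"), ev.get("ts", "?"), ev.get("role", "?")
        etype = ev.get("event_type")
        if etype == "privilege_escalation":
            attempts[user] += 1
            if attempts[user] == escalation_threshold:
                alerts.append(("repeated_privilege_escalation", user, ts))
            if ev.get("result") == "ok" and role != "admin":
                alerts.append(("escalation_succeeded_non_admin", user, ts))
        elif etype == "config_upload" and role != "admin":
            alerts.append(("config_upload_by_non_admin", user, ts))
    return alerts


def run_sample() -> List[Alert]:
    """Run the detector over the constructed sample lines."""
    return find_indicators(SAMPLE_LOGS.splitlines())


if __name__ == "__main__":
    for indicator, user, ts in run_sample():
        print(f"{ts} {indicator} user={user}")
```

The admin upload on the last sample line deliberately produces no alert: the indicator is an upload from an account that should not be able to perform one, not uploads in general, which keeps routine administration out of the alert stream.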
