cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12398,https://securityvulnerability.io/vulnerability/CVE-2024-12398,Improper Privilege Management in Zyxel WBE530 and WBE660S Firmware,"An improper privilege management vulnerability exists in the web management interface of Zyxel WBE530 and WBE660S firmware versions. This vulnerability allows an authenticated user with limited permissions to escalate their privileges to that of an administrator. By exploiting this flaw, a malicious user gains the ability to upload potentially harmful configuration files to the device, which can compromise the security and integrity of the affected system.",Zyxel,"Wbe530 Firmware,Wbe660s Firmware",8.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-14T01:39:04.348Z,0
CVE-2024-1575,https://securityvulnerability.io/vulnerability/CVE-2024-1575,Improper Privilege Management Vulnerability Affects Zyxel WBE660S Firmware,"An improper privilege management vulnerability exists in Zyxel WBE660S firmware versions up to 6.70(ACGG.3). This flaw permits authenticated users to escalate their privileges, potentially enabling them to download sensitive configuration files. If exploited, this vulnerability poses a significant risk to the integrity and confidentiality of network configurations, warranting immediate attention from users of the affected firmware.",Zyxel,Wbe660s Firmware,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-07-23T01:39:53.232Z,0
CVE-2023-6398,https://securityvulnerability.io/vulnerability/CVE-2023-6398,"Post-Authentication Command Injection Vulnerability Affects Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, USG20(W)-VPN Series, NWA50AX, WAC500, WAX300H, and WBE660S Firmware","A post-authentication command injection vulnerability exists in multiple Zyxel devices, specifically within the file upload binary. This issue affects various firmware versions across multiple series, including Zyxel ATP, USG FLEX, and WAC series. When an attacker with administrator privileges accesses an affected device via FTP, they may execute arbitrary operating system commands, potentially compromising the integrity and functionality of the device. This vulnerability underscores the importance of keeping firewall and network equipment firmware updated to safeguard against potential attacks.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax300h Firmware,Wbe660s Firmware,Usg Flex H Series Firmware",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T01:34:32.229Z,0
CVE-2023-5797,https://securityvulnerability.io/vulnerability/CVE-2023-5797,"Improper Privilege Management in Zyxel ATP, USG FLEX, and NWA Series Firmware","An improper privilege management vulnerability exists in the debug CLI command of various Zyxel firmware products, allowing an authenticated local attacker to exploit this weakness. By leveraging this vulnerability, the attacker could potentially access sensitive administrator logs, thereby compromising the confidentiality and integrity of device management logs across several series, including ATP, USG FLEX, and various Access Points. It's crucial for users to apply the necessary patches and updates to secure their devices against possible exploitation.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax300h Firmware,Wbe660s Firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T03:15:00.000Z,0
CVE-2023-37925,https://securityvulnerability.io/vulnerability/CVE-2023-37925,Improper Privilege Management in Zyxel ATP and USG FLEX Products,"The vulnerability presents an improper privilege management issue within the debug CLI command of specific Zyxel firmware versions. This flaw could potentially allow authenticated local attackers to access sensitive system files on the affected devices, exposing critical data and control mechanisms.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware,VPN series firmware,NWA50AX firmware,WAC500 firmware,WAX300H firmware,WBE660S firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0