Primary

Context

Zyxel WBE530 and WBE660S Improper Privilege Management Vulnerability Allowing Privilege Escalation

Vulnerability

Patched

A vulnerability has been identified in the web management interface of the Zyxel WBE530 and WBE660S access points. This vulnerability, present in WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2), allows an authenticated user with limited privileges to escalate their privileges to that of an administrator. This privilege escalation could enable the user to upload configuration files to the affected device.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain administrative rights on the device.

Remediation

Users can upgrade to WBE530 version 7.10(ACIL.1) or WBE660S version 7.00(ACGG.1) to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Zyxel NWA50AX

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa50ax:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABYW.2)

Zyxel NWA50AX PRO

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa50ax-pro:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACGE.2)

Zyxel NWA55AXE

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa55axe:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABZL.2)

Zyxel NWA90AX

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa90ax:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACCV.2)

Zyxel NWA90AX PRO

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa90ax-pro:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACGF.2)

Zyxel NWA110AX

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa110ax:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABTG.2)

Zyxel NWA130BE

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa130be:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACIL.3)

Zyxel NWA210AX

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa210ax:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABTD.2)

Zyxel NWA220AX-6E

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa220ax-6e:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACCO.2)

Zyxel NWA1123ACv3

Moderate fix1 remedy

cpe:2.3:h:zyxel:nwa1123acv3:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 6.70(ABVT.4)

Zyxel WAC500

Moderate fix1 remedy

cpe:2.3:h:zyxel:wac500:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 6.70(ABVS.5)

Zyxel WAC500H

Moderate fix1 remedy

cpe:2.3:h:zyxel:wac500h:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 6.70(ABWA.5)

Zyxel WAX300H

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax300h:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACHF.2)

Zyxel WAX510D

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax510d:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABTF.2)

Zyxel WAX610D

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax610d:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABTE.2)

Zyxel WAX620D-6E

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax620d-6e:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACCN.2)

Zyxel WAX630S

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax630s:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABZD.2)

Zyxel WAX640S-6E

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax640s-6e:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACCM.2)

Zyxel WAX650S

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax650s:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ABRM.2)

Zyxel WAX655E

Moderate fix1 remedy

cpe:2.3:h:zyxel:wax655e:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACDO.2)

Zyxel WBE530

Moderate fix1 remedy

cpe:2.3:h:zyxel:wbe530:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 7.00(ACLE.3)

Zyxel WBE660S

Moderate fix1 remedy

cpe:2.3:h:zyxel:wbe660s:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 6.70(ACGG.2)

Zyxel USG LITE 60AX

Moderate fix1 remedy

cpe:2.3:h:zyxel:usg_lite_60ax:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

<= 2.00(ACIP.4)

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zyxel WBE530 and WBE660S Improper Privilege Management Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Zyxel NWA50AX

Zyxel NWA50AX PRO

Zyxel NWA55AXE

Zyxel NWA90AX

Zyxel NWA90AX PRO

Zyxel NWA110AX

Zyxel NWA130BE

Zyxel NWA210AX

Zyxel NWA220AX-6E

Zyxel NWA1123ACv3

Zyxel WAC500

Zyxel WAC500H

Zyxel WAX300H

Zyxel WAX510D

Zyxel WAX610D

Zyxel WAX620D-6E

Zyxel WAX630S

Zyxel WAX640S-6E

Zyxel WAX650S

Zyxel WAX655E

Zyxel WBE530

Zyxel WBE660S

Zyxel USG LITE 60AX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating