Lucene search

Japan Vulnerability NotesJVN:70666401

HistoryAug 05, 2024 - 12:00 a.m.

JVN#70666401: Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN

2024-08-0500:00:00

Japan Vulnerability Notes

jvn.jp

zexelon zwx-2000csw2-hn

hard-coded credentials

incorrect permission assignment

firmware update

configuration alteration

ver.0.3.15

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

22.3%

JSON

ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.

Use of hard-coded credentials (CWE-798) CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.5 CVE-2024-39838Incorrect permission assignment for critical resource (CWE-732) CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-41720

Impact

An attacker may alter the configuration of the device.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Products Affected

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

22.3%

JSON

Related for JVN:70666401