Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN



Published: 2024-08-05
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2024-39838, CVE-2024-41720
CWE-ID: CWE-798, CWE-732
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: ZWX-2000CSW2-HN (Hardware solutions / Routers & switches, VoIP, GSM, etc)

Vendor

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of hard-coded credentials

EUVDB-ID: #VU95269

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39838

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote user to gain full access to the vulnerable system.

The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote administrator on the local network can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ZWX-2000CSW2-HN: before 0.3.15

External links

http://jvn.jp/en/jp/JVN70666401/index.html
http://www.zexelon.co.jp/pdf/jvn70666401.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect permission assignment for critical resource

EUVDB-ID: #VU95271

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41720

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for a critical resource. A remote user on the local network can alter the configuration of the device.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ZWX-2000CSW2-HN: before 0.3.15

External links

http://jvn.jp/en/jp/JVN70666401/index.html
http://www.zexelon.co.jp/pdf/jvn70666401.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


