    8 vulnerabilities by ZEXELON CO., LTD.

    CVE-2025-53842 (GCVE-0-2025-53842)

    Vulnerability from nvd – Published: 2025-07-16 04:30 – Updated: 2025-07-18 14:47
    Summary
    Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-18T14:47:02.598589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-18T14:47:09.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 0.3.19"
                }
              ]
            },
            {
              "product": "ZWX-2000CS2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T04:30:36.624Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44419726/"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-53842",
        "datePublished": "2025-07-16T04:30:36.624Z",
        "dateReserved": "2025-07-10T01:58:07.983Z",
        "dateUpdated": "2025-07-18T14:47:09.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41720 (GCVE-0-2024-41720)

    Vulnerability from nvd – Published: 2024-08-05 04:36 – Updated: 2025-03-17 15:02
    Summary
    Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect Permission Assignment for Critical Resource
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Impacted products
    Vendor Product Version
    ZEXELON CO., LTD. ZWX-2000CSW2-HN Affected: firmware versions prior to Ver.0.3.15

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41720",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T18:45:07.840217Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T15:02:35.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.0.3.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T04:36:17.042Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN70666401/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-41720",
        "datePublished": "2024-08-05T04:36:17.042Z",
        "dateReserved": "2024-07-26T05:46:46.795Z",
        "dateUpdated": "2025-03-17T15:02:35.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39838 (GCVE-0-2024-39838)

    Vulnerability from nvd – Published: 2024-08-05 04:35 – Updated: 2025-03-25 16:20
    Summary
    ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Impacted products
    Vendor Product Version
    ZEXELON CO., LTD. ZWX-2000CSW2-HN Affected: firmware versions prior to Ver.0.3.15

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T13:27:03.329516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T16:20:44.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.0.3.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T04:35:39.287Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN70666401/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-39838",
        "datePublished": "2024-08-05T04:35:39.287Z",
        "dateReserved": "2024-07-26T05:46:45.774Z",
        "dateUpdated": "2025-03-25T16:20:44.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000049

    Vulnerability from jvndb - Published: 2025-07-16 13:54 - Updated: 2025-07-16 13:54
    Summary
    ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
    Details
    ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.
    • Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842
    This vulnerability is caused by an insufficient fix for CVE-2024-39838 (JVN#70666401).
    Hiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
      "dc:date": "2025-07-16T13:54+09:00",
      "dcterms:issued": "2025-07-16T13:54+09:00",
      "dcterms:modified": "2025-07-16T13:54+09:00",
      "description": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability.\r\n\r\n* Use of Hard-coded Credentials (CWE-798) - CVE-2025-53842\r\n\r\nThis vulnerability is caused by an insufficient fix for CVE-2024-39838 (\u003ca href=\"https://jvn.jp/en/jp/JVN70666401/\"target=\"blank\"\u003eJVN#70666401\u003c/a\u003e).\r\n\r\nHiroki Sato of Institute of Science Tokyo reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000049.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
          "@product": "ZWX-2000CS2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000cs2-hn",
          "@product": "ZWX-2000CS2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
          "@product": "ZWX-2000CSW2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
          "@product": "ZWX-2000CSW2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
          "@product": "ZWX-2000CSW2-HN",
          "@vendor": "ZEXELON CO., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "4.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000049",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN70666401/",
          "@id": "JVN#70666401",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/jp/JVN44419726/index.html",
          "@id": "JVN#44419726",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-53842",
          "@id": "CVE-2025-53842",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials"
    }

    JVNDB-2024-000084

    Vulnerability from jvndb - Published: 2024-08-05 13:46 - Updated: 2024-08-05 13:46
    Summary
    Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
    Details
    ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.
    • Use of hard-coded credentials (CWE-798) - CVE-2024-39838
    • Incorrect permission assignment for critical resource (CWE-732) - CVE-2024-41720
    Hiroki Sato of Tokyo Institute of Technology reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000084.html",
      "dc:date": "2024-08-05T13:46+09:00",
      "dcterms:issued": "2024-08-05T13:46+09:00",
      "dcterms:modified": "2024-08-05T13:46+09:00",
      "description": "ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2024-39838\u003c/li\u003e\r\n\u003cli\u003eIncorrect permission assignment for critical resource (CWE-732) - CVE-2024-41720\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nHiroki Sato of Tokyo Institute of Technology reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000084.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:zexelon_zwx-2000csw2-hn",
        "@product": "ZWX-2000CSW2-HN",
        "@vendor": "ZEXELON CO., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.0",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000084",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN70666401/index.html",
          "@id": "JVN#70666401",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39838",
          "@id": "CVE-2024-39838",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41720",
          "@id": "CVE-2024-41720",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN"
    }

    CVE-2025-53842 (GCVE-0-2025-53842)

    Vulnerability from cvelistv5 – Published: 2025-07-16 04:30 – Updated: 2025-07-18 14:47
    Summary
    Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-18T14:47:02.598589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-18T14:47:09.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 0.3.19"
                }
              ]
            },
            {
              "product": "ZWX-2000CS2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN firmware all versions. If this vulnerability is exploited, an attacker may tamper with the settings of the device by obtaining the credentials. This vulnerability is caused by an insufficient fix for CVE-2024-39838."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T04:30:36.624Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://zexelon.co.jp/pdf/jvn44419726.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44419726/"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-39838"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-53842",
        "datePublished": "2025-07-16T04:30:36.624Z",
        "dateReserved": "2025-07-10T01:58:07.983Z",
        "dateUpdated": "2025-07-18T14:47:09.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41720 (GCVE-0-2024-41720)

    Vulnerability from cvelistv5 – Published: 2024-08-05 04:36 – Updated: 2025-03-17 15:02
    Summary
    Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect Permission Assignment for Critical Resource
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Impacted products
    Vendor Product Version
    ZEXELON CO., LTD. ZWX-2000CSW2-HN Affected: firmware versions prior to Ver.0.3.15

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41720",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T18:45:07.840217Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T15:02:35.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.0.3.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T04:36:17.042Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN70666401/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-41720",
        "datePublished": "2024-08-05T04:36:17.042Z",
        "dateReserved": "2024-07-26T05:46:46.795Z",
        "dateUpdated": "2025-03-17T15:02:35.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39838 (GCVE-0-2024-39838)

    Vulnerability from cvelistv5 – Published: 2024-08-05 04:35 – Updated: 2025-03-25 16:20
    Summary
    ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Impacted products
    Vendor Product Version
    ZEXELON CO., LTD. ZWX-2000CSW2-HN Affected: firmware versions prior to Ver.0.3.15

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T13:27:03.329516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T16:20:44.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZWX-2000CSW2-HN",
              "vendor": "ZEXELON CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.0.3.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T04:35:39.287Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN70666401/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-39838",
        "datePublished": "2024-08-05T04:35:39.287Z",
        "dateReserved": "2024-07-26T05:46:45.774Z",
        "dateUpdated": "2025-03-25T16:20:44.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }