CVE-2022-45439

MEDIUM

Zyxel AX7501-B0 Firmware < 5.17(ABPC.3)C0 - Cleartext Storage of Sensitive WiFi Credentials

Title source: llm

Description

A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-wifi-credentials-and-improper-symbolic-links-of-ftp-for-ax7501-b0-cpe

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 44.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (1)

zyxel/ax7501-b0_firmware < 5.17\(abpc.3\)c0

Published Jan 17, 2023

Tracked Since Feb 18, 2026