A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.
References
Configurations
Configuration 1 (hide)
AND |
|
History
24 Jan 2023, 20:16
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zyxel ax7501-b0 Firmware
Zyxel ax7501-b0 Zyxel |
|
CPE | cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-312 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-wifi-credentials-and-improper-symbolic-links-of-ftp-for-ax7501-b0-cpe - Vendor Advisory |
17 Jan 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-17 02:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45439
Mitre link : CVE-2022-45439
CVE.ORG link : CVE-2022-45439
JSON object : View
Products Affected
zyxel
- ax7501-b0
- ax7501-b0_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information