CVE-2022-45439

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 55.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Ax7501-b0 Firmware

Timeline

PublishedJan 17

Description

A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5zyxel/ax7501-b0_firmware< V5.17(ABPC.3)C0

▶NVDzyxel/ax7501-b0_firmware< 5.17\(abpc.3\)c0

🔴Vulnerability Details

CVEList

CVE-2022-45439: A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5↗2023-01-17

▶

GHSA

GHSA-j2fh-23pr-vj2r: A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5↗2023-01-17

▶