ID CVE-2022-45439
Summary A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:zyxel:ax7501-b0_firmware:5.17\(abpc.1\)c0:*:*:*:*:*:*:*
    cpe:2.3:o:zyxel:ax7501-b0_firmware:5.17\(abpc.1\)c0:*:*:*:*:*:*:*
  • cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*
    cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-312
CAPEC
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 24-01-2023 - 20:16
Published 17-01-2023 - 02:15
Last modified 24-01-2023 - 20:16
Back to Top