Vulnerability Details : CVE-2022-45439
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.
Products affected by CVE-2022-45439
- cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45439
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45439
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
Zyxel Corporation | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
Zyxel Corporation | 2024-12-06 |
CWE ids for CVE-2022-45439
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by:
- nvd@nist.gov (Primary)
- security@zyxel.com.tw (Secondary)
References for CVE-2022-45439
-
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-wifi-credentials-and-improper-symbolic-links-of-ftp-for-ax7501-b0-cpe
Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of FTP for AX7501-B0 CPE | Zyxel NetworksVendor Advisory
Jump to