Zyxel · Zyxel Ax7501-B0 · CVE-2022-45440
**Name of the Vulnerable Software and Affected Versions**
Zyxel AX7501-B0 firmware versions prior to V5.17(ABPC.3)C0
**Description**
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
**Recommendations**
For Zyxel AX7501-B0 firmware versions prior to V5.17(ABPC.3)C0, update to version V5.17(ABPC.3)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP server and external storage media to minimize the risk of exploitation. Avoid using external storage media that may contain symbolic links to sensitive areas of the file system.
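
One way to act on the last recommendation is to audit a drive on a separate workstation before it is attached to the router. The following is an added example, not Zyxel code or part of the original advisory: it walks a mounted drive and reports every symbolic link whose target is absolute (and would therefore resolve against the file system of whichever device mounts the media) or whose relative target, followed physically through any chained links, leaves the media root. The function names and the sample layout are assumptions constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(root):
    """Return sorted (link, target, reason) tuples for symlinks that leave root."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.readlink(path)
            if os.path.isabs(target):
                # Resolved against the file system of the device that mounts the media.
                reason = "absolute"
            else:
                # Physical resolution, so chains of relative links are followed too.
                resolved = os.path.realpath(path)
                if os.path.commonpath([root, resolved]) == root:
                    continue
                reason = "escapes-root"
            findings.append((os.path.relpath(path, root), target, reason))
    return sorted(findings)


def build_sample_media(root):
    """Constructed sample layout standing in for a mounted USB drive."""
    os.makedirs(os.path.join(root, "docs", "old"))
    with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
        fh.write("sample\n")
    os.symlink("docs/readme.txt", os.path.join(root, "readme"))      # stays inside
    os.symlink("/etc", os.path.join(root, "abs_link"))               # absolute target
    os.symlink("../../..", os.path.join(root, "docs", "old", "up"))  # climbs out
    os.symlink("../..", os.path.join(root, "docs", "old", "top"))    # media root itself
    os.symlink("docs/old/top/../x", os.path.join(root, "chain"))     # leaves via 'top'


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as media:
        build_sample_media(media)
        for link, target, reason in find_escaping_symlinks(media):
            print(f"{reason:12} {link} -> {target}")
```

The `chain` entry is the case a purely lexical check misses: its target normalizes to a path inside the drive, but following `top` first puts the `..` above the media root.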