PT-2023-1318 · Zyxel · Zyxel Ax7501-B0
Pshemo · Published 2023-01-17 · Updated 2024-12-06 · CVE-2022-45439
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zyxel AX7501-B0 versions prior to V5.17(ABPC.3)C0
Description
The Zyxel AX7501-B0 firmware stores a pair of spare WiFi credentials in cleartext in its configuration file. An unauthenticated attacker could use these credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability. This could allow a remote attacker to disclose protected information.
Recommendations
For versions prior to V5.17(ABPC.3)C0, update to version V5.17(ABPC.3)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation. Avoid using the spare WiFi credentials in the configuration file until the issue is resolved.
Fix
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Zyxel Ax7501-B0