PT-2023-1319 · Zyxel · Zyxel Ax7501-B0

Pshemo · Published 2023-01-17 · Updated 2025-12-17 · CVE-2022-45440

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zyxel AX7501-B0 firmware versions prior to V5.17(ABPC.3)C0

Description

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.

Recommendations

For Zyxel AX7501-B0 firmware versions prior to V5.17(ABPC.3)C0, update to version V5.17(ABPC.3)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP server and external storage media to minimize the risk of exploitation. Avoid using external storage media that may contain symbolic links to sensitive areas of the file system.
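To support the last recommendation, here is an added example (not from the advisory or from Zyxel): a Python audit, run on an administrator's workstation, that lists symbolic links on mounted external media whose targets are absolute or resolve outside the media root. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

def find_escaping_symlinks(mount_root):
    """Return sorted (link path relative to the media, raw target) pairs for
    symlinks that are absolute or resolve outside mount_root."""
    root = os.path.realpath(mount_root)
    findings = []
    # followlinks=False: the audit itself never descends through a link.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.readlink(path)
            # An absolute target is resolved against the root of whatever
            # device mounts the media, so it is always reported.
            escapes = os.path.isabs(target)
            if not escapes:
                # Relative target: resolve it (chains included) and check
                # that the result is still under the media root.
                resolved = os.path.realpath(path)
                escapes = os.path.commonpath([root, resolved]) != root
            if escapes:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)

def build_sample_media(base):
    """Constructed sample tree standing in for a mounted USB drive."""
    media = os.path.join(base, "usb")
    os.makedirs(os.path.join(media, "photos"))
    with open(os.path.join(media, "photos", "a.jpg"), "w") as fh:
        fh.write("sample")
    # Link that stays inside the media: not reported.
    os.symlink("a.jpg", os.path.join(media, "photos", "latest.jpg"))
    # Absolute target: reported.
    os.symlink("/etc", os.path.join(media, "rootfs"))
    # Relative target that climbs above the media root: reported.
    os.symlink("../../outside", os.path.join(media, "photos", "up"))
    return media

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_escaping_symlinks(build_sample_media(tmp)):
            print(f"{link} -> {target}")
```

Point `find_escaping_symlinks` at the mount point of the media before attaching it to the device; an empty result means no link leaves the media.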

Fix

Weakness Enumeration

Link Following

Files Accessible to External Parties

Related Identifiers

BDU:2023-00607
CVE-2022-45440

Affected Products

Zyxel Ax7501-B0