CVE-2022-45439 MEDIUM

CVE-2022-45439

Vendor Zyxel

Product AX7501-B0 firmware

Weakness CWE-312 · Cleartext storage

Published January 17, 2023

Last update April 3, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.

Key dates

02Disclosure timeline

January 17, 2023 CVE published

April 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-45439 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/312.html

Related vulnerabilities

CVE-2022-45439

01Description

02Disclosure timeline

03References

04Related CVE