CVE-2022-45440: Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of FTP for AX7501-B0 CPE | Zyxel Networks
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
CVE: CVE-2022-45439, CVE-2022-45440
Summary
Zyxel has released a patch addressing the cleartext storage of WiFi credentials and improper FTP symbolic links in the AX7501-B0 CPE, and advises users to install the patch for optimal protection.
What are the vulnerabilities?
CVE-2022-45439
A pair of spare WiFi credentials is stored in the configuration file of the AX7501-B0 CPE in cleartext. A local unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.
CVE-2022-45440
A vulnerability exists in the FTP server of the AX7501-B0 CPE, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
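The defensive counterpart to the symlink issue above is a server-side path check that follows symlinks and then refuses any result that lands outside the mounted media. The following is an added illustration, not Zyxel's firmware code; it uses a temporary directory as a stand-in for the USB mount and a symlink pointing at the host root, both constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_within_root(share_root: str, requested: str) -> Optional[str]:
    """Resolve a client-supplied FTP path against the share root, following
    symlinks, and return the real path only if it is still inside the share.
    Returns None when the path escapes (e.g. a symlink on the removable
    media that points at '/'), when the target is missing, or on a loop."""
    root = Path(share_root).resolve(strict=True)
    # Client paths are always relative to the share, never host-absolute.
    candidate = root / requested.lstrip("/")
    try:
        real = candidate.resolve(strict=True)
    except (OSError, RuntimeError):
        return None  # missing target or symlink loop: refuse
    try:
        real.relative_to(root)
    except ValueError:
        return None  # resolved outside the share root: refuse
    return str(real)


def demo() -> dict:
    """Constructed scenario: a fake USB mount holding one legitimate file and
    a symlink named 'escape' that targets the host root directory."""
    media = tempfile.mkdtemp(prefix="usb_")  # stand-in for the media mount
    Path(media, "photo.txt").write_text("ok")
    os.symlink("/", os.path.join(media, "escape"))
    return {
        "legit": resolve_within_root(media, "photo.txt"),   # allowed
        "escape": resolve_within_root(media, "escape/etc"),  # refused
        "dotdot": resolve_within_root(media, "../"),         # refused
    }


if __name__ == "__main__":
    print(demo())
```

The same realpath-then-containment check applies to any file service that exposes user-writable media, since the attacker controls what the symlink points at but not where the share root is.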
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified only one vulnerable product that is within the vulnerability support period and released a firmware patch to address the issues, as shown in the table below.
Affected model | Patch availability*
AX7501-B0 | V5.17(ABPC.3)C0
*Please contact your sales representative or support team for the file.
Please note that the table does NOT include customized models for internet service providers (ISPs).
For ISPs, please contact your Zyxel sales or service representatives for further details.
For end-users who received their Zyxel device from an ISP, we recommend reaching out to the ISP's support team directly, as the device may have custom-built settings.
For end-users who purchased their Zyxel device themselves, please contact your local Zyxel support team for the new firmware file to ensure optimal protection, or visit our forum for further assistance.
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to the following security researcher and consultancy for reporting the issues to us:
- Pshemo for CVE-2022-45439 and CVE-2022-45440
- SEC Consult for CVE-2022-45440
Revision history
2023-1-17: Initial release.