Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv3

CVE-2022-45440

Published: 17/01/2023 Updated: 07/07/2023
CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8
VMScore: 0

Vulnerability Summary

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zyxel ax7501-b0_firmware

Github Repositories

https://github.com/psie/zyxel

Vulnerabilities in Zyxel devices

CVE-2022-45439 CVE-2022-45440

References

CWE-59https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-wifi-credentials-and-improper-symbolic-links-of-ftp-for-ax7501-b0-cpehttps://nvd.nist.govhttps://github.com/psie/zyxel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316SQL injectiontype confusionCVE-2024-20697CVE-2024-4344localCVE-2024-30043CVE-2024-3821CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook