Vulnerability Description
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | AX7501-B0 Firmware | < 5.17(ABPC.3)C0 |
| Zyxel | AX7501-B0 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advis (Vendor Advisory)
FAQ
What is CVE-2022-45440?
CVE-2022-45440 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with adminis...
How severe is CVE-2022-45440?
CVE-2022-45440 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-45440?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel AX7501-B0 Firmware, Zyxel AX7501-B0.