Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
AnalysisAI
Zyxel WRE6505 v2 firmware stores sensitive configuration data in an insecure manner, allowing local administrators to download and decrypt backup configuration files, leading to disclosure of confidential credentials and network settings. The vulnerability affects firmware version V1.00(ABDV.3)C0 and requires local access with administrative privileges. No public exploit code or active exploitation has been identified; however, the product is no longer supported by Zyxel, limiting patch availability.
Technical ContextAI
This is a CWE-922 insecure storage of sensitive information vulnerability affecting the Zyxel WRE6505 v2 wireless range extender firmware. The vulnerability resides in how the device's configuration backup files are encrypted and stored, allowing an administrator with local access to the device to retrieve and decrypt these backups. WRE6505 v2 is a compact WiFi range extender typically deployed in small office or residential settings. The CPE identifier cpe:2.3:a:zyxel:wre6505_v2_firmware indicates the vulnerability affects the firmware component across all versions of the WRE6505 v2 product line. The insecure encryption mechanism for configuration backups is a common weakness in firmware implementations where encryption keys are hardcoded, predictable, or stored alongside encrypted data.
RemediationAI
No vendor-released patch is available; Zyxel has classified this product as end-of-life and is not releasing further firmware updates. Organizations should prioritize decommissioning and replacing affected WRE6505 v2 devices with supported alternatives. Interim compensating controls include: (1) restrict administrator account access to the device via firewall rules or network segmentation, limiting who can physically or remotely access the web interface; (2) disable remote administration features in the device settings if available, reducing attack surface; (3) regularly audit administrator accounts and rotate credentials to detect unauthorized access; (4) ensure configuration backups are stored in encrypted channels only (use HTTPS/TLS) and protect backup files with additional application-layer encryption if exported; (5) monitor system logs for suspicious backup downloads or configuration exports. These controls mitigate but do not eliminate the risk. Replacement with a vendor-supported WiFi extender model is the recommended long-term remediation.
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. Rated h
Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, compani
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attac
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware v
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware vers
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Pat
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex ar
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmwa
Same weakness CWE-922 – Insecure Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29377
GHSA-ppfx-mp77-6vfg