Description
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
Published: 2026-05-12
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insecure storage of sensitive information in the Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 configuration file allows a local attacker with administrator privileges to download and decrypt a backup configuration file. The vulnerability is a CWE-922 weakness that can expose confidential configuration data, enabling attackers to understand device settings or identify future attack vectors. Nothing in the available information indicates that code execution or denial of service is achievable.

Affected Systems

Zyxel WRE6505 v2 firmware, specifically version V1.00(ABDV.3)C0. No other vendor or product variants are mentioned as affected.

Risk and Exploitability

The CVSS score of 4.4 indicates a moderate risk level, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting low to moderate exploitation likelihood. The attack vector is local; an individual must already have administrator privileges on the device. Because the device is no longer supported, a patch or vendor fix is unlikely to be available, which increases the importance of internal mitigations.

Generated by OpenCVE AI on May 12, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict physical and network access to the device, ensuring only trusted personnel can reach it.
  • Revoke or restrict local administrator privileges to reduce the ability of any one user to download configuration backups.
  • Enable logging and monitor for backup configuration downloads, and configure alerts to detect unauthorized access events.



Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 12 May 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zyxel; Zyxel wre6505 Firmware |
| Vendors & Products | | Zyxel; Zyxel wre6505 Firmware |

Tue, 12 May 2026 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Local Administrator Can Retrieve Decrypted Configuration Backup from Zyxel WRE6505 |

Tue, 12 May 2026 04:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file. |
| Weaknesses | | CWE-922 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-05-12T12:48:14.646Z

Reserved: 2026-04-28T02:06:56.617Z

Link: CVE-2026-7257

Vulnrichment

Updated: 2026-05-12T12:48:09.891Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T04:16:29.497

Modified: 2026-05-12T15:11:29.503

Link: CVE-2026-7257

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T08:45:11Z

Weaknesses