Insecure Storage of Sensitive Information in Zyxel WRE6505 v2 Firmware
CVE-2026-7257

4.4MEDIUM

Key Information:

Vendor: Zyxel
Status: Wre6505 V2 Firmware
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-7257?

A security vulnerability in the configuration file of Zyxel WRE6505 v2 firmware allows a local attacker with administrative privileges to download and decrypt a backup configuration file. This flaw can lead to the exposure of sensitive information, compromising the integrity and confidentiality of the user's data. Users of affected firmware versions should consider upgrading to secure their systems against potential threats.

Affected Version(s)

WRE6505 v2 firmware V1.00(ABDV.3)C0

References

https://www.zyxel.com/global/en/support/end-of-life

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 28, 2026

CVE-2026-7257 Data

JSON