An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NWavlink Jetstream Ac3000
HWWavlinkwszystkie wersjeWavlink Jetstream Ac3000 Firmware
OSWavlinkwszystkie wersjeWavlink Jetstream Erac3000
HWWavlinkwszystkie wersjeWavlink Jetstream Erac3000 Firmware
OSWavlinkwszystkie wersjeWavlink Wl Wn530hg4
HWWavlinkwszystkie wersjeWavlink Wl Wn530hg4 Firmware
OSWavlinkm30hg4.v5030.191116Wavlink Wl Wn575a3
HWWavlinkwszystkie wersjeWavlink Wl Wn575a3 Firmware
OSWavlinkrpt75a3.v4300.180801Wavlink Wl Wn579g3
HWWavlinkwszystkie wersjeWavlink Wl Wn579g3 Firmware
OSWavlinkm79x3.v5030.180719Wavlink Wn530h4
HWWavlinkwszystkie wersjeWavlink Wn530h4 Firmware
OSWavlinkwszystkie wersjeWavlink Wn531a6
HWWavlinkwszystkie wersjeWavlink Wn531a6 Firmware
OSWavlinkwszystkie wersjeWavlink Wn531g3
HWWavlinkwszystkie wersjeWavlink Wn531g3 Firmware
OSWavlinkwszystkie wersjeWavlink Wn533a8
HWWavlinkwszystkie wersjeWavlink Wn533a8 Firmware
OSWavlinkwszystkie wersjeWavlink Wn535g3
HWWavlinkwszystkie wersjeWavlink Wn535g3 Firmware
OSWavlinkwszystkie wersjeWavlink Wn551k1
HWWavlinkwszystkie wersjeWavlink Wn551k1 Firmware
OSWavlinkwszystkie wersjeWavlink Wn578a2
HWWavlinkwszystkie wersjeWavlink Wn578a2 Firmware
OSWavlinkwszystkie wersjeWavlink Wn579g3
HWWavlinkwszystkie wersjeWavlink Wn579g3 Firmware
OSWavlinkwszystkie wersjeWavlink Wn579x3
HWWavlinkwszystkie wersjeWavlink Wn579x3 Firmware
OSWavlinkwszystkie wersjeWavlink Wn57x93
HWWavlinkwszystkie wersjeWavlink Wn57x93 Firmware
OSWavlinkwszystkie wersje
Powiązane podatności
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via us...
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when opera...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and U...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is...