HIGH🇵🇱 Wersja polska

CVE-2020-10973

CVSS 7.5v3.1pub. 2020-05-07upd. 2024-11-21

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Wavlink Wn530hg4

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn530hg4 Firmware

    OS
    Wavlink
    m30hg4.v5030.191116
  • Wavlink Wn531g3

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn531g3 Firmware

    OS
    Wavlink
    wszystkie wersje
  • Wavlink Wn533a8

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn533a8 Firmware

    OS
    Wavlink
    wszystkie wersje
  • Wavlink Wn551k1

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn551k1 Firmware

    OS
    Wavlink
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-35521CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManage...

CVE-2022-35520CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is...

CVE-2022-35518CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and U...

CVE-2022-35519CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which...

CVE-2022-35522CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp...