WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
In the firmware of the Wavlink WN531P3 device (version 202383), the /etc/shadow file contains a hardcoded password for the root account. Since the password is embedded in the software and identical across all devices in this series, an attacker who discovers it can log in as root on any vulnerable device. No user interaction or prior privileges are required.
The attacker gains full administrative (root) access to the device, enabling them to take control of its configuration, network, and potentially the entire infrastructure that the device has access to.
Apply patches available from the manufacturer according to the references. As immediate remedial measures, it is recommended to restrict device access only to trusted networks and monitor login attempts to the root account.
Wavlink WN531P3 with firmware version 202383
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWavlink Wn531p3
HWWavlinkwszystkie wersjeWavlink Wn531p3 Firmware
OSWavlink202383
Related vulnerabilities
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and U...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManage...
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp...