Описание
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
Ссылки
- Not ApplicableThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Not ApplicableThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:wavlink:wn531g3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00305
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. A page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd).
EPSS
Процентиль: 53%
0.00305
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306