Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-10973

Опубликовано: 07 мая 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Средний

Описание

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:wavlink:wn531g3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.37103
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

github логотип

GHSA-pr83-4gh9-4jr6

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

EPSS

Процентиль: 97%
0.37103
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306