Описание
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
Ссылки
- Not ApplicableThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Not ApplicableThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
Уязвимые конфигурации
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and WL-WN575A3 - RPT75A3.V4300.180801 devices, affecting a backup feature. A crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2