An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
References
Link | Resource |
---|---|
https://github.com/Roni-Carta/nyra | Not Applicable Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973 | Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices | Third Party Advisory |
https://github.com/sudo-jtcsec/Nyra | Broken Link |
https://github.com/Roni-Carta/nyra | Not Applicable Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973 | Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices | Third Party Advisory |
https://github.com/sudo-jtcsec/Nyra | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 04:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Roni-Carta/nyra - Not Applicable, Third Party Advisory | |
References | () https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973 - Third Party Advisory | |
References | () https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices - Third Party Advisory | |
References | () https://github.com/sudo-jtcsec/Nyra - Broken Link |
Information
Published : 2020-05-07 18:15
Updated : 2024-11-21 04:56
NVD link : CVE-2020-10973
Mitre link : CVE-2020-10973
CVE.ORG link : CVE-2020-10973
JSON object : View
Products Affected
wavlink
- wn551k1_firmware
- wn551k1
- wn530hg4_firmware
- wn531g3_firmware
- wn530hg4
- wn533a8_firmware
- wn531g3
- wn533a8
CWE
CWE-306
Missing Authentication for Critical Function