CVE-2020-10972

Published: 07/05/2020 Updated: 29/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A page is exposed that contains the current administrator password in cleartext in its source code. No authentication is required to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3.

Vulnerable Product

wavlink wn530hg4_firmware m30hg4.v5030.191116

wavlink wn531g3_firmware -

wavlink wn572hg3_firmware -

Github Repositories

accidentally openwrt

DIRTY FLASH OPENWRT on the following and shut the stock firmware backdoor for good. git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=51b653de94e7e5006b5480df33d5dfd9de824cc7 Note: As of now 5ghz module on radio2 seems to not cleanly flash with the below method. It would require building openwrt from 'make menu' command with that module selected in the build op