An issue exists in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wavlink wn530hg4 firmware m30hg4.v5030.191116 |
||
wavlink wn531g3 firmware - |
||
wavlink wn533a8 firmware - |
||
wavlink wn551k1 firmware - |