Published: 07/05/2020 Updated: 28/04/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wavlink wn530hg4_firmware m30hg4.v5030.191116
wavlink wn531g3_firmware -
wavlink wn533a8_firmware -
wavlink wn551k1_firmware -

Check Point Reference: CPAI-2022-2028 Date Published: 7 Mar 2024 Severity: Critical ...

CWE-306 https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973 https://github.com/sudo-jtcsec/Nyra https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices https://github.com/Roni-Carta/nyra https://nvd.nist.gov https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2022-2028.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-10973

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect