Published: 07/05/2020 Updated: 28/04/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Vulnerable Product	Search on Vulmon	Subscribe to Product
wavlink wl-wn575a3_firmware rpt75a3.v4300.180801
wavlink wl-wn579g3_firmware m79x3.v5030.180719
wavlink wn531a6_firmware -
wavlink wn535g3_firmware -
wavlink wn530h4_firmware -
wavlink wn57x93_firmware -
wavlink wn572hg3_firmware -
wavlink wn575a4_firmware -
wavlink wn578a2_firmware -
wavlink wn579g3_firmware -
wavlink wn579x3_firmware -
wavlink jetstream_ac3000_firmware -
wavlink jetstream_erac3000_firmware -

CWE-306 https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 https://github.com/sudo-jtcsec/Nyra https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices https://github.com/Roni-Carta/nyra https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-10974

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect