CVE-2020-12124

Published: 02/10/2020 Updated: 08/10/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows a malicious user to execute arbitrary Linux commands as root without authentication.

Vulnerable Product

wavlink wn530h4_firmware m30h4.v5030.190403

Github Repositories

An implementation of a proof-of-concept for CVE-2020-12124 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12124)

CVE-2020-12124 An implementation of a proof-of-concept for CVE-2020-12124 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12124) The following is an actualization of CVE-2020-12124, a vulnerability which exploits a command injection in the Wavlink WN530H4 router in which certain parameters are taken from URL parameters in a web request to the /cgi-bin/live_api.cgi endp

An implementation of a proof-of-concept for CVE-2020-12124

Research and Author David Baker Article: Anatomy of an IoT Exploit, from Hands-On to RCE (External link) CVE-2020-12124 An implementation of a proof-of-concept for CVE-2020-12124 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12124) The following is an actualization of CVE-2020-12124, a vulnerability which exploits a command injection in the Wavlink WN530H4 router i