CVE-2020-10973
N/A
N/A
Summary
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973
- https://github.com/sudo-jtcsec/Nyra
- https://github.com/Roni-Carta/nyra
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices
References
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973
- https://github.com/sudo-jtcsec/Nyra
- https://github.com/Roni-Carta/nyra
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973-affected_devices
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.