CVE-2020-10974
N/A
N/A
Summary
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
- https://github.com/sudo-jtcsec/Nyra
- https://github.com/Roni-Carta/nyra
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
References
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
- https://github.com/sudo-jtcsec/Nyra
- https://github.com/Roni-Carta/nyra
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.