CVE-2020-37150

Summary

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.

Affected Software

VendorProductVersion RangeStatus
EDIMAX TechnologyEW-7438RPn-v3 Mini1.23affected
EDIMAX TechnologyEW-7438RPn-v3 Mini1.27affected

Weaknesses

  • CWE-201: Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References