Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Summary:

WAVLINK Aerial G - AC1200 High Power Dual Band Wireless Router (WL-WN530H4) devices running firmware version (M30H4.V5030.210121) have an access control issue, allowing unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Vendor:

  • Wavlink

Affected Product:

  • WL-WN530H4

Version:

  • M30H4.V5030.210121

Details:

When an unauthenticated attacker requests /cgi-bin/ExportLogs.sh this will lead to downloading all configurations and Admin Credentials and accessing the Device Dashboard.

  1. Check Application Device Version:

image

  1. request the vulnerable component.

image

  1. Accessing Admin Dashboard:

image