***********************************
* CVE-2020-10971 *
***********************************
SUMMARY: https://james-clee.com/2020/04/18/multiple-wavlink-vulnerabilities/
[Suggested description]
An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719,
WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116
devices. A crafted POST request can be sent to adm.cgi that will
result in the execution of the supplied command if there is an active
session at the same time. The POST request itself is not validated to
ensure it came from the active session.
------------------------------------------
[Additional Information]
Three different information disclosure vulnerabilities outlined in CVE-2020-10972,
CVE-2020-10973, and CVE-2020-10974 allow you to get the administrator password and
thus create your own session instead of relying on an end user to be authenticated
at that time.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Wavlink
------------------------------------------
[Affected Product Code Base]
WL-WN579G3 - M79X3.V5030.180719
WL-WN575A3 - RPT75A3.V4300.180801
WL-WN530HG4 - M30HG4.V5030.191116
------------------------------------------
[Affected Component]
adm.cgi
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
A POST request with specific parameters made to adm.cgi results in
execution of a supplied command as root if there is a user with an
active session at the same time.
------------------------------------------
[Reference]
https://www.wavlink.com
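
The missing check described under [Suggested description], modelled as an added example (not code from the Wavlink firmware or from the original advisory): a handler that only asks whether some session is active, beside one that ties each request to its own session. `SessionStore`, `authorize_flawed`, `authorize_hardened`, the request field names, the timeout and the sample addresses are hypothetical; the firmware's real session mechanism is not shown on this page.

```python
import hmac
import secrets
import time

SESSION_TTL = 600  # seconds; assumed idle timeout, not a value from the advisory

class SessionStore:
    """Server-side record of logged-in sessions, keyed by a random token."""

    def __init__(self):
        self._sessions = {}  # token -> (client_ip, expiry timestamp)

    def login(self, client_ip, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (client_ip, now + SESSION_TTL)
        return token

    def any_active(self, now=None):
        now = time.time() if now is None else now
        return any(expiry > now for _, expiry in self._sessions.values())

    def owns(self, token, client_ip, now=None):
        now = time.time() if now is None else now
        presented = (token or "").encode()
        for known, (ip, expiry) in self._sessions.items():
            # Constant-time comparison so the token cannot be guessed bytewise.
            if hmac.compare_digest(known.encode(), presented) and expiry > now:
                return ip == client_ip
        return False

def authorize_flawed(store, request, now=None):
    # Models the advisory: accepted whenever *any* session is active; nothing
    # ties this particular request to that session.
    return store.any_active(now)

def authorize_hardened(store, request, now=None):
    # The request must present the session's own token, from the address the
    # session was created for, before any admin action is considered.
    return store.owns(request.get("session_token"), request["client_ip"], now)

def demo():
    store = SessionStore()
    token = store.login("192.0.2.10", now=1000)      # constructed admin login
    stranger = {"client_ip": "192.0.2.99"}           # constructed, no token
    admin = {"client_ip": "192.0.2.10", "session_token": token}
    return [(authorize_flawed(store, r, 1001), authorize_hardened(store, r, 1001))
            for r in (stranger, admin)]
```

`demo()` returns one `(flawed, hardened)` pair per request: the tokenless request from another address passes only the flawed check, while the administrator's own request passes both.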