***********************************
*         CVE-2020-10971          *
***********************************
SUMMARY: https://james-clee.com/2020/04/18/multiple-wavlink-vulnerabilities/

[Suggested description]
An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719,
WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116
devices. A crafted POST request can be sent to adm.cgi that will
result in the execution of the supplied command if there is an active
session at the same time. The POST request itself is not validated to
ensure it came from the active session.
------------------------------------------
[Additional Information]
Three different information disclosure vulnerabilities outlined in CVE-2020-10972,
CVE-2020-10973, and CVE-2020-10974 allow an attacker to obtain the administrator
password and thus create their own session instead of relying on an end user
being authenticated at that time.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Wavlink
------------------------------------------
[Affected Product Code Base]
WL-WN579G3 - M79X3.V5030.180719
WL-WN575A3 - RPT75A3.V4300.180801
WL-WN530HG4 - M30HG4.V5030.191116
------------------------------------------
[Affected Component]
adm.cgi
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
A POST request with specific parameters made to adm.cgi results in
execution of a supplied command as root if there is a user with an
active session at the same time.
------------------------------------------
[Reference]
https://www.wavlink.com
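The root cause in the suggested description is a state-changing POST that is accepted on the strength of the session cookie alone, so any page the logged-in browser visits can submit it. Below is an added illustration in Python, not code from the advisory or from the vendor firmware: the vulnerable handler pattern next to a hardened one that binds the request to the session with an Origin/Referer check and a per-session anti-CSRF token. The device origin, the session store and the request shape are constructed assumptions.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed values: the device's own origin and one active admin session
# (the session store keys the cookie value to a per-session anti-CSRF token).
DEVICE_ORIGIN = "http://192.168.10.1"
SESSIONS = {"s1": {"csrf_token": secrets.token_hex(16)}}


def _active_session(req):
    """Look up the session named by the request's session cookie."""
    return SESSIONS.get(req["cookies"].get("session"))


def handle_vulnerable(req):
    """Pattern the advisory describes: the POST is accepted whenever the
    browser carries a valid session cookie, no matter which page sent it."""
    if req["method"] != "POST" or _active_session(req) is None:
        return 403
    return 200  # the privileged action would run here


def same_origin(headers):
    """True only if the Origin (or, failing that, Referer) header names the
    device itself; an absent header is treated as cross-site."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    a, b = urlparse(src), urlparse(DEVICE_ORIGIN)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def handle_hardened(req):
    """Ties the POST to the session: same-origin check plus a per-session
    anti-CSRF token that the form body must echo (cookies are attached by
    the browser automatically, so they prove nothing about the sender)."""
    sess = _active_session(req)
    if req["method"] != "POST" or sess is None or not same_origin(req["headers"]):
        return 403
    if not hmac.compare_digest(req["form"].get("csrf_token", ""), sess["csrf_token"]):
        return 403
    return 200
```

The same two checks apply to any CGI endpoint that performs a privileged action on behalf of a cookie-authenticated session.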