************************************
* CVE-2020-10972 *
************************************
SUMMARY: https://james-clee.com/2020/04/18/multiple-wavlink-vulnerabilities/
[Suggested description]
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116
devices. A page is exposed that has the current administrator password
in cleartext in the source code of the page. No authentication is
required in order to reach the page (live_********.shtml with the variable
syspasswd).
------------------------------------------
[Additional Information]
This can be used in conjunction with CVE-2020-10971 for
WL-WN530HG4 to achieve full remote code execution,
since you can use the administrator password found here to create your
own session instead of relying on the end user.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Wavlink
------------------------------------------
[Affected Product Code Base]
WL-WN530HG4 - M30HG4.V5030.191116
------------------------------------------
[Affected Component]
live_********.shtml
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Go to live_********.shtml, view the source code of the page, then
look for where the variable syspasswd is defined. Its value is the
password for the administrator account in plaintext.
------------------------------------------
[Reference]
https://www.wavlink.com
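
------------------------------------------
A regression check for the flaw described under [Attack Vectors], as an added example that is not part of the original advisory or of vendor code: it scans saved page source for script variables with credential-like names that carry a non-empty literal, and reports only the name, line and value length. The `name = "value"` assignment form, the name pattern beyond syspasswd, and the sample page are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Only inline script blocks are inspected, so HTML attributes such as
# type="password" or name="syspasswd" are not reported.
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

# "syspasswd" is the variable named in the advisory; the wider pattern is an
# assumption for this example and may need tuning per code base.
SECRET_NAME = re.compile(r"pass(?:wd|word)?|pwd|secret", re.I)

# name = "value" or name = 'value' (with or without var/let/const in front).
ASSIGNMENT = re.compile(
    r"""\b(?P<name>[A-Za-z_$][\w$]*)\s*=\s*
        (?P<quote>["'])(?P<value>(?:\\.|(?!(?P=quote)).)*)(?P=quote)""",
    re.X,
)

class Finding(NamedTuple):
    line: int
    name: str
    value_length: int  # the value itself is never stored or printed

def audit_page_source(html: str) -> list[Finding]:
    """Return credential-like script variables that hold a non-empty literal."""
    findings = []
    for block in SCRIPT_BLOCK.finditer(html):
        base = block.start(1)  # offset of the script body within the page
        for m in ASSIGNMENT.finditer(block.group(1)):
            value = m.group("value")
            if SECRET_NAME.search(m.group("name")) and value:
                line = html.count("\n", 0, base + m.start("name")) + 1
                findings.append(Finding(line, m.group("name"), len(value)))
    return findings

# Constructed sample page, not captured from a device.
SAMPLE = """<html><head>
<script type="text/javascript">
var lang = "en";
var syspasswd = "constructed-example-value";
var wifi_pwd = '';
if (lang == "password") { }
</script>
</head><body><input type="password" name="syspasswd" value=""></body></html>
"""

if __name__ == "__main__":
    for f in audit_page_source(SAMPLE):
        print(f"line {f.line}: {f.name} holds a {f.value_length}-character literal")
```

A non-empty result for any page served without a session means the page embeds a secret in client-visible source and should fail the build or firmware review.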