***********************************
* CVE-2020-10974 *
***********************************
SUMMARY: https://james-clee.com/2020/04/23/more-information-disclosure-in-wavlink-devices/
[Suggested description]
An issue was discovered on Wavlink WL-WN575A3 RPT75A3.V4300.180801
devices, affecting configuration backup functionality. A crafted POST request
returns the current configuration of the device in cleartext,
including the administrator password. No authentication is required.
------------------------------------------
[Additional Information]
This can be used in conjunction with CVE-2020-10971 to achieve full remote code
execution, since you can use the administrator password found here to
create your own session instead of relying on the end user.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Wavlink
------------------------------------------
[Affected Product Code Base]
WL-WN579G3 - M79X3.V5030.180719
WL-WN575A3 - RPT75A3.V4300.180801
------------------------------------------
[Affected Component]
WL-WN579G3 - Backup Configuration Functionality
WL-WN575A3 - Backup Configuration Functionality
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A basic POST request to the page that retrieves the configuration will run the script and automatically download the
configuration file, which is in plain text.
------------------------------------------
[Reference]
https://www.wavlink.com
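
Added example, not from the advisory or from Wavlink firmware: a Python model of the flaw described under [Suggested description] (a configuration-backup handler that answers any POST with the cleartext configuration) next to a hardened handler that requires a live session and leaves secrets out of the export. The configuration keys, values and function names are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data: key names and values are illustrative only,
# not taken from the affected firmware.
CONFIG = {"SSID": "example-net", "WPAPSK": "wifi-secret", "AdminPassword": "admin-secret"}
SECRET_KEYS = {"WPAPSK", "AdminPassword"}
SESSIONS = set()  # tokens issued after a successful login


def login(password):
    """Issue a session token when the administrator password matches."""
    if hmac.compare_digest(password.encode(), CONFIG["AdminPassword"].encode()):
        token = secrets.token_hex(16)
        SESSIONS.add(token)
        return token
    return None


def render(config):
    """Serialize the configuration as key=value lines."""
    return "".join(f"{k}={v}\n" for k, v in sorted(config.items()))


def backup_vulnerable(method, cookies):
    """Flawed pattern: any POST receives the full cleartext configuration."""
    if method != "POST":
        return 405, ""
    return 200, render(CONFIG)  # no session check, secrets included


def backup_hardened(method, cookies):
    """Require a live session and keep secrets out of the export."""
    if method != "POST":
        return 405, ""
    token = cookies.get("session", "")
    if not any(hmac.compare_digest(token.encode(), s.encode()) for s in SESSIONS):
        return 401, ""
    # Design assumption: secrets are omitted; an implementation that must
    # restore them would encrypt the export instead of writing cleartext.
    safe = {k: v for k, v in CONFIG.items() if k not in SECRET_KEYS}
    return 200, render(safe)
```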