Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
***********************************
* CVE-2020-12266 *
***********************************
SUMMARY: https://james-clee.com/2020/04/23/more-information-disclosure-in-wavlink-devices/
[Suggested description]
An issue was discovered on WAVLINK
WL-WN579G3 M79X3.V5030.180719,
WL-WN575A3 RPT75A3.V4300.180801, and
WL-WN530HG4 M30HG4.V5030.191116 devices.
There are multiple externally accessible pages that do not require any
sort of authentication, and store system information for internal
usage. The devices automatically query these pages to update
dashboards and other statistics, but the pages can be accessed
externally without any authentication. All the pages follow the naming
convention live_(string).shtml. Among the information disclosed is:
interface status logs, IP address of the device, MAC address of the
device, model and current firmware version, location, all running
processes, all interfaces and their statuses, all current DHCP leases
and the associated hostnames, all other wireless networks in
range of the router, memory statistics, and components of the
configuration of the device such as enabled features.
------------------------------------------
[Additional Information]
If requested I can provide the actual web pages that disclose the
information, but due to how easy it is for someone to access the
information I think it best to not publicize the specific endpoints
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Wavlink
------------------------------------------
[Affected Product Code Base]
WL-WN579G3 - M79X3.V5030.180719
WL-WN575A3 - RPT75A3.V4300.180801
WL-WN530HG4 - M30HG4.V5030.191116
------------------------------------------
[Affected Component]
Several pages used to host information for internal queries
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Navigate to the exposed endpoint and the information will be displayed in plaintext on the page or in the source code of the response
------------------------------------------
[Reference]
https://www.wavlink.com
------------------------------------------
[Discoverer]
James Clee