CVE-2020-10972
Published May 7, 2020
Last updated 3 years ago
Overview
- Description
- An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-306
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EDEBD78-C546-49B2-947C-2821E8C89A26"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531g3_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAE015CD-5B74-46BF-96E1-2ABB1EA36BDC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3AE2AAA4-71D2-4B70-81FB-836F1A419DBC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "442C07D4-A5F1-4BD5-9727-523D57DB18F8"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]