CVE-2020-10973
Published May 7, 2020
Last updated 3 years ago
Overview
- Description
- An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-306
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EDEBD78-C546-49B2-947C-2821E8C89A26"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn531g3_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAE015CD-5B74-46BF-96E1-2ABB1EA36BDC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3AE2AAA4-71D2-4B70-81FB-836F1A419DBC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn533a8_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "933A1BB4-577C-442D-8357-2EC7CE5E712F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn533a8:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "45611095-CAF7-40B2-BDA8-B1483B4329FF"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]