漏洞描述
在Wavlink WN530HG4、Wavlink WN531G3、WavlinkWN533A8和WavlinkWN551K1中发现一个影响/cgi-bin/ExportAllSettings.sh的问题,其中特制的POST请求返回设备的当前配置,包括管理员密码。不需要身份验证。攻击者必须执行解密步骤,但所有解密信息都很容易获得。
Wavlink WN530HG4 信息泄露(CVE-2020-10973)
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-10973: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
- POC CVE-2020-10973: WAVLINK - Access Control
- POC CVE-2020-13117: Wavlink Multiple AP - Remote Command Injection
- POC CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-30489: Wavlink WN-535G3 - Cross-Site Scripting
- POC CVE-2022-34045: WAVLINK WN530HG4 - Improper Access Control
- POC CVE-2022-34047: WAVLINK WN530HG4 - Improper Access Control
- POC CVE-2022-34048: Wavlink WN-533A8 - Cross-Site Scripting
- POC CVE-2022-34049: WAVLINK WN530HG4 - Improper Access Control
- POC CVE-2022-48164: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
- POC CVE-2022-48165: Wavlink - Improper Access Control