WAVLINK WN530HG4 漏洞列表

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

Wavlink WL-WN530H4M30H4.V5030.210121易受组件中不正确的访问控制的影响。攻击者可以下载配置数据和日志文件，获取管理员凭据，并可能执行未经授权的操作。

在Wavlink WN530HG4、Wavlink WN531G3、WavlinkWN533A8和WavlinkWN551K1中发现一个影响/cgi-bin/ExportAllSettings.sh的问题，其中特制的POST请求返回设备的当前配置，包括管理员密码。不需要身份验证。攻击者必须执行解密步骤，但所有解密信息都很容易获得。