Headline
CVE-2022-31847: CVE_Request/WAVLINK WN579 X3__Sensitive information leakage.md at main · pghuanghui/CVE_Request
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
0x01 Vulnerability description
An issue was discovered in Wavlink WN579X3,Firmware package version M79X3.V5030.180719,affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
0x02 Affected version****0x03 Vulnerability
When viewing the /cgi-bin/ExportAllSettings.sh file, it was not properly authorized by the system.
0x04 PoC verification
Directly construct the url link as:
http://xxx.xxx.xxx.xxx/cgi-bin/ExportAllSettings.sh
You can download the configuration file, the configuration file contains the account password
0x05 Acknowledgement
Penwei.Huang