Headline
CVE-2022-31309: CVE_Request/WAVLINK AC1200_check_live.md at main · pghuanghui/CVE_Request
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
0x01 Vulnerability description
A vulnerability is in the ‘live_check.shtml’ page of the AERIAL X 1200M,Firmware package version M79X3.V5030.180719
Unauthorized users can obtain the key information of the router by visiting:
http://xxx.xxx.xxx.xxx/live_check.shtml
0x02 Affected version****0x03 Vulnerability
Under the live_check.shtml file, use the exec cmd function to execute the command
0x04 PoC verification
In the live_check.shtml interface, it contains various information of the router, such as: firmware version, MAC address, etc., and even information such as the running process of the router.