Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-10972: CVE/CVE-2020-10972 at master · sudo-jtcsec/CVE

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3

CVE
#vulnerability#rce#auth

Permalink

Cannot retrieve contributors at this time

************************************

* CVE-2020-10972 *

************************************

SUMMARY: https://james-clee.com/2020/04/18/multiple-wavlink-vulnerabilities/

[Suggested description]

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116

devices. A page is exposed that has the current administrator password

in cleartext in the source code of the page. No authentication is

required in order to reach the page (live_********.shtml with the variable

syspasswd).

------------------------------------------

[Additional Information]

This can be used in conjunction with CVE-2020-10971 for

WL-WN530HG4 to achieve full remote code execution,

since you can use the administrator password found here to create your

own session instead of relying on the end user.

------------------------------------------

[Vulnerability Type]

Insecure Permissions

------------------------------------------

[Vendor of Product]

Wavlink

------------------------------------------

[Affected Product Code Base]

WL-WN530HG4 - M30HG4.V5030.191116

------------------------------------------

[Affected Component]

live_********.shtml

------------------------------------------

[Attack Type]

Remote

------------------------------------------

[Impact Information Disclosure]

true

------------------------------------------

[Attack Vectors]

Go to live_********.shtml, then go to the source code of the page, then

look for where the variable syspasswd is defined - it’s the password

for the administrator account in plaintext

------------------------------------------

[Reference]

https://www.wavlink.com

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907