Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-34576: CVE_Request/WAVLINK WN535 G3_Sensitive information leakage.md at main · pghuanghui/CVE_Request

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.

CVE
Open in Source
#vulnerability#perl#auth

0x01 Vulnerability description

An issue was discovered in Wavlink WN579G3,Firmware package version M35G3R.V5030.180927,affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

0x02 Affected version****0x03 Vulnerability

When viewing the /cgi-bin/ExportAllSettings.sh file, it was not properly authorized by the system.

0x04 PoC verification

Directly construct the url link as:

http://xxx.xxx.xxx.xxx/cgi-bin/ExportAllSettings.sh

0x05 Acknowledgement

Penwei.Huang

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE