CVE-2023-29708: WAVLINK-Reset/CVE-2023-29708 at main · shellpei/WAVLINK-Reset
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x that allows attackers to force a factory reset via a crafted payload.
> [VulnerabilityType Other]
>> Arbitrary factory reset vulnerability
---------------------------------------------------------------
> [Affected Component]
>> WAVLINK Wi-Fi APP RPT70HA1.x
---------------------------------------------------------------
> [Attack Type]
>> Remote
---------------------------------------------------------------
> [CVE Impact Other]
>> Arbitrary factory reset
---------------------------------------------------------------
> [Attack Vectors]
>> Please visit the website:
>> https://holistic-height-e6d.notion.site/WAVLINK-Wi-Fi-APP-Arbitrary-factory-reset-vulnerability-b2d747693a7442aaa8b045e57bbd8297
---------------------------------------------------------------
> [Discoverer]
>> Shellpei
---------------------------------------------------------------
> [Reference]
>> https://holistic-height-e6d.notion.site/WAVLINK-Wi-Fi-APP-Arbitrary-factory-reset-vulnerability-b2d747693a7442aaa8b045e57bbd8297
---------------------------------------------------------------
> [Vendor of Product]
>> https://wavlink.com/
---------------------------------------------------------------
> [Affected Product Code Base]
>> WAVLINK Wi-Fi APP Firmware version: RPT70HA1.x, Server:
>> lighttpd/1.4.20, Access path HTTP status code equal to
>> 200: /cgi-bin/adm.cgi