PT-2023-15597 · Wavlink · Wavlink Wl-Wn533A8

Strik3R0X1

Publicado

2023-02-06

Atualizado

2025-03-26

CVE-2022-48164

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN533A8 version M33A8.V5030.190716

Description An access control issue in the component /cgi-bin/ExportLogs.sh allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Recommendations For version M33A8.V5030.190716, consider restricting access to the /cgi-bin/ExportLogs.sh component to prevent unauthenticated downloads of sensitive data. As a temporary workaround, consider disabling the ExportLogs.sh functionality until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2022-48164

Produtos afetados

Wavlink Wl-Wn533A8

PT-2023-15597 · Wavlink · Wavlink Wl-Wn533A8

CVE-2022-48164

Identificadores relacionados

Produtos afetados

Referências · 6