PT-2020-13053 · Wavlink · Wavlink Wn530H4

Published

2020-10-02

Updated

2021-07-21

CVE-2020-12127

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WAVLINK WN530H4 M30H4.V5030.190403

Description The issue allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication through the "API Endpoint: /cgi-bin/ExportAllSettings.sh".

Recommendations For WAVLINK WN530H4 M30H4.V5030.190403, as a temporary workaround, consider restricting access to the /cgi-bin/ExportAllSettings.sh endpoint until a patch is available.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-12127

Affected Products

Wavlink Wn530H4

PT-2020-13053 · Wavlink · Wavlink Wn530H4

CVE-2020-12127

Weakness Enumeration

Related Identifiers

Affected Products

References · 4