PT-2021-9562 · Wavlink · Wavlink Wn579X3+1

Jose Antonio Pérez Piedra · Published 2021-02-09 · Updated 2025-08-19 · CVE-2020-13117

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Wavlink WN575A4 and WN579X3 devices through 2020-05-15

Description

The issue allows unauthenticated remote users to inject commands via the key parameter in a "login request" API endpoint.

Recommendations

For Wavlink WN575A4 and WN579X3 devices through 2020-05-15, avoid using the key parameter in the affected login request until the issue is resolved. Restrict access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-13117

Affected Products

Wavlink Wn575A4
Wavlink Wn579X3