PT-2022-12033 · Wavlink · Wavlink Ac1200

Published

2022-03-17

Updated

2022-03-23

CVE-2021-44260

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WAVLINK AC1200 version WAVLINK-A42W-1.27.6-20180418

Description A vulnerability in the 'live mfg.html' page allows a remote attacker to access this page without authentication, exposing key information of the router manager.

Recommendations For WAVLINK AC1200 version WAVLINK-A42W-1.27.6-20180418, consider restricting access to the 'live mfg.html' page until a patch is available. As a temporary workaround, avoid using the 'live mfg.html' page to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-44260

Affected Products

Wavlink Ac1200

PT-2022-12033 · Wavlink · Wavlink Ac1200

CVE-2021-44260

Weakness Enumeration

Related Identifiers

Affected Products

References · 4