PT-2022-20680 · Wavlink · Wavlink Aerial X 1200M
Penwei Huang
·
Published
2022-06-14
·
Updated
2023-08-08
·
CVE-2022-31308
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WAVLINK AERIAL X 1200M version M79X3.V5030.191012
Description
A vulnerability in the live mfg.shtml file allows attackers to obtain sensitive router information via execution of the
exec cmd function.Recommendations
For version M79X3.V5030.191012, consider disabling the
exec cmd function as a temporary workaround until a patch is available. Restrict access to the live mfg.shtml file to minimize the risk of exploitation.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wavlink Aerial X 1200M