CVE-2022-34046

Name of the Vulnerable Software and Affected Versions Wavlink WN533A8 version M33A8.V5030.190716

Description An access control issue allows attackers to obtain usernames and passwords via the API endpoint "http://IP ADDRESS/sysinit.shtml?r=52300" by searching for logincheck(user).

Recommendations For Wavlink WN533A8 version M33A8.V5030.190716, as a temporary workaround, consider restricting access to the sysinit.shtml endpoint until a patch is available. Avoid using the logincheck(user) function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.