PT-2023-15597 · Wavlink · Wavlink Wl-Wn533A8

Strik3R0X1

Published

2023-02-06

Updated

2025-03-26

CVE-2022-48164

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN533A8 version M33A8.V5030.190716

Description An access control issue in the component /cgi-bin/ExportLogs.sh allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Recommendations For version M33A8.V5030.190716, consider restricting access to the /cgi-bin/ExportLogs.sh component to prevent unauthenticated downloads of sensitive data. As a temporary workaround, consider disabling the ExportLogs.sh functionality until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-48164

Affected Products

Wavlink Wl-Wn533A8

PT-2023-15597 · Wavlink · Wavlink Wl-Wn533A8

CVE-2022-48164

Related Identifiers

Affected Products

References · 6