An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000.
References
Link | Resource |
---|---|
https://github.com/Roni-Carta/nyra | Not Applicable Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 | Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices | Third Party Advisory |
https://github.com/sudo-jtcsec/Nyra | Broken Link |
History
28 Apr 2022, 19:30
Type | Values Removed | Values Added |
---|---|---|
First Time | Wavlink wn530h4, Wavlink wn531a6 Firmware, Wavlink wn575a4 Firmware, Wavlink wn57x93 Firmware, Wavlink wn572hg3 Firmware, Wavlink wn535g3 Firmware, Wavlink wn579x3 Firmware, Wavlink wn578a2 Firmware, Wavlink jetstream Ac3000 Firmware, Wavlink wn579x3, Wavlink wn572hg3, Wavlink wn531a6, Wavlink wn579g3 Firmware, Wavlink jetstream Erac3000, Wavlink wn535g3, Wavlink wn578a2, Wavlink jetstream Erac3000 Firmware, Wavlink wn579g3, Wavlink wn530h4 Firmware, Wavlink wn57x93, Wavlink jetstream Ac3000, Wavlink wn575a4 | |
CPE | cpe:2.3:o:wavlink:jetstream_erac3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn578a2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn57x93:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:jetstream_ac3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn575a4_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn531a6:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn575a4:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn57x93_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:jetstream_ac3000:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn579x3:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn579x3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn579g3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn531a6_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn579g3:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn578a2:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:* cpe:2.3:h:wavlink:jetstream_erac3000:-:*:*:*:*:*:*:* | |
CWE | CWE-306 | |
References | (MISC) https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices - Third Party Advisory | |
References | (MISC) https://github.com/Roni-Carta/nyra - Not Applicable, Third Party Advisory | |
References | (MISC) https://github.com/sudo-jtcsec/Nyra - Broken Link |
Information
Published : 2020-05-07 18:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-10974
Mitre link : CVE-2020-10974
CVE.ORG link : CVE-2020-10974
Products Affected
wavlink
- wn531a6
- jetstream_erac3000_firmware
- wn57x93_firmware
- wn579x3_firmware
- wn575a4_firmware
- wn535g3
- wl-wn579g3_firmware
- wn578a2
- wn575a4
- wn57x93
- wn578a2_firmware
- jetstream_ac3000
- wn535g3_firmware
- jetstream_ac3000_firmware
- wl-wn575a3_firmware
- wn579g3_firmware
- wn572hg3_firmware
- wl-wn575a3
- wn572hg3
- wn531a6_firmware
- wn530h4
- wn579x3
- wl-wn579g3
- jetstream_erac3000
- wn530h4_firmware
- wn579g3
CWE
CWE-306
Missing Authentication for Critical Function