Versio.io

CVE-2020-12266

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 27-04-2020 05:15
Last modified: - 29-04-2022 03:25
Total changes: - 3

Description

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
High
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=wavlink AND product=wl-wn579g3_firmware AND version=m79x3.v5030.180719
OR
vendor=wavlink AND product=wl-wn579g3 AND version=-
AND
OR
vendor=wavlink AND product=wl-wn575a3_firmware AND version=rpt75a3.v4300.180801
OR
vendor=wavlink AND product=wl-wn575a3 AND version=-
AND
OR
vendor=wavlink AND product=wl-wn530hg4_firmware AND version=m30hg4.v5030.191116
OR
vendor=wavlink AND product=wl-wn530hg4 AND version=-
AND
OR
vendor=wavlink AND product=wn531g3_firmware AND version=-
OR
vendor=wavlink AND product=wn531g3 AND version=-
AND
OR
vendor=wavlink AND product=wn533a8_firmware AND version=-
OR
vendor=wavlink AND product=wn533a8 AND version=-
AND
OR
vendor=wavlink AND product=wn531a6_firmware AND version=-
OR
vendor=wavlink AND product=wn531a6 AND version=-
AND
OR
vendor=wavlink AND product=wn551k1_firmware AND version=-
OR
vendor=wavlink AND product=wn551k1 AND version=-
AND
OR
vendor=wavlink AND product=wn535g3_firmware AND version=-
OR
vendor=wavlink AND product=wn535g3 AND version=-
AND
OR
vendor=wavlink AND product=wn530h4_firmware AND version=-
OR
vendor=wavlink AND product=wn530h4 AND version=-
AND
OR
vendor=wavlink AND product=wn57x93_firmware AND version=-
OR
vendor=wavlink AND product=wn57x93 AND version=-
AND
OR
vendor=wavlink AND product=wn578a2_firmware AND version=-
OR
vendor=wavlink AND product=wn578a2 AND version=-
AND
OR
vendor=wavlink AND product=wn579g3_firmware AND version=-
OR
vendor=wavlink AND product=wn579g3 AND version=-
AND
OR
vendor=wavlink AND product=wn579x3_firmware AND version=-
OR
vendor=wavlink AND product=wn579x3 AND version=-
AND
OR
vendor=wavlink AND product=jetstream_ac3000_firmware AND version=-
OR
vendor=wavlink AND product=jetstream_ac3000 AND version=-
AND
OR
vendor=wavlink AND product=jetstream_erac3000_firmware AND version=-
OR
vendor=wavlink AND product=jetstream_erac3000 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-12266

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.