Versio.io

CVE-2020-10974

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 07-05-2020 08:15
Last modified: - 28-04-2022 09:30
Total changes: - 3

Description

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
High
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=wavlink AND product=wl-wn575a3_firmware AND version=rpt75a3.v4300.180801
OR
vendor=wavlink AND product=wl-wn575a3 AND version=-
AND
OR
vendor=wavlink AND product=wl-wn579g3_firmware AND version=m79x3.v5030.180719
OR
vendor=wavlink AND product=wl-wn579g3 AND version=-
AND
OR
vendor=wavlink AND product=wn531a6_firmware AND version=-
OR
vendor=wavlink AND product=wn531a6 AND version=-
AND
OR
vendor=wavlink AND product=wn535g3_firmware AND version=-
OR
vendor=wavlink AND product=wn535g3 AND version=-
AND
OR
vendor=wavlink AND product=wn530h4_firmware AND version=-
OR
vendor=wavlink AND product=wn530h4 AND version=-
AND
OR
vendor=wavlink AND product=wn57x93_firmware AND version=-
OR
vendor=wavlink AND product=wn57x93 AND version=-
AND
OR
vendor=wavlink AND product=wn572hg3_firmware AND version=-
OR
vendor=wavlink AND product=wn572hg3 AND version=-
AND
OR
vendor=wavlink AND product=wn575a4_firmware AND version=-
OR
vendor=wavlink AND product=wn575a4 AND version=-
AND
OR
vendor=wavlink AND product=wn578a2_firmware AND version=-
OR
vendor=wavlink AND product=wn578a2 AND version=-
AND
OR
vendor=wavlink AND product=wn579g3_firmware AND version=-
OR
vendor=wavlink AND product=wn579g3 AND version=-
AND
OR
vendor=wavlink AND product=wn579x3_firmware AND version=-
OR
vendor=wavlink AND product=wn579x3 AND version=-
AND
OR
vendor=wavlink AND product=jetstream_ac3000_firmware AND version=-
OR
vendor=wavlink AND product=jetstream_ac3000 AND version=-
AND
OR
vendor=wavlink AND product=jetstream_erac3000_firmware AND version=-
OR
vendor=wavlink AND product=jetstream_erac3000 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-10974

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.