CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10973

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.373

EPSS Ranking 97.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2020-10973

Wavlink » Wn530hg4 » Version: N/A

cpe:2.3:h:wavlink:wn530hg4:-
Wavlink » Wn531g3 » Version: N/A

cpe:2.3:h:wavlink:wn531g3:-
Wavlink » Wn533a8 » Version: N/A

cpe:2.3:h:wavlink:wn533a8:-
Wavlink » Wn551k1 » Version: N/A

cpe:2.3:h:wavlink:wn551k1:-
Wavlink » Wn530hg4 Firmware » Version: m30hg4.v5030.191116

cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116
Wavlink » Wn531g3 Firmware » Version: N/A

cpe:2.3:o:wavlink:wn531g3_firmware:-
Wavlink » Wn533a8 Firmware » Version: N/A

cpe:2.3:o:wavlink:wn533a8_firmware:-
Wavlink » Wn551k1 Firmware » Version: N/A

cpe:2.3:o:wavlink:wn551k1_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10973

Products

Pricing

Contact Us