Vulnerability Details CVE-2020-10974
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/Roni-Carta/nyra
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
- https://github.com/sudo-jtcsec/Nyra
- https://github.com/Roni-Carta/nyra
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
- https://github.com/sudo-jtcsec/Nyra
Products affected by CVE-2020-10974
-
cpe:2.3:h:wavlink:jetstream_ac3000:-
-
cpe:2.3:h:wavlink:jetstream_erac3000:-
-
cpe:2.3:h:wavlink:wl-wn575a3:-
-
cpe:2.3:h:wavlink:wl-wn579g3:-
-
cpe:2.3:h:wavlink:wn530h4:-
-
cpe:2.3:h:wavlink:wn531a6:-
-
cpe:2.3:h:wavlink:wn535g3:-
-
cpe:2.3:h:wavlink:wn572hg3:-
-
cpe:2.3:h:wavlink:wn575a4:-
-
cpe:2.3:h:wavlink:wn578a2:-
-
cpe:2.3:h:wavlink:wn579g3:-
-
cpe:2.3:h:wavlink:wn579x3:-
-
cpe:2.3:h:wavlink:wn57x93:-
-
cpe:2.3:o:wavlink:jetstream_ac3000_firmware:-
-
cpe:2.3:o:wavlink:jetstream_erac3000_firmware:-
-
cpe:2.3:o:wavlink:wl-wn575a3_firmware:rpt75a3.v4300.180801
-
cpe:2.3:o:wavlink:wl-wn579g3_firmware:m79x3.v5030.180719
-
cpe:2.3:o:wavlink:wn530h4_firmware:-
-
cpe:2.3:o:wavlink:wn531a6_firmware:-
-
cpe:2.3:o:wavlink:wn535g3_firmware:-
-
cpe:2.3:o:wavlink:wn572hg3_firmware:-
-
cpe:2.3:o:wavlink:wn575a4_firmware:-
-
cpe:2.3:o:wavlink:wn578a2_firmware:-
-
cpe:2.3:o:wavlink:wn579g3_firmware:-
-
cpe:2.3:o:wavlink:wn579x3_firmware:-
-
cpe:2.3:o:wavlink:wn57x93_firmware:-