CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13117

Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.921

EPSS Ranking 99.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html
https://github.com/ice-wzl/Wavlink-WN530G3A-Cmd-Injection/blob/main/README.md
https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html

Products affected by CVE-2020-13117

Wavlink » Wn575a4 » Version: N/A

cpe:2.3:h:wavlink:wn575a4:-
Wavlink » Wn579x3 » Version: N/A

cpe:2.3:h:wavlink:wn579x3:-
Wavlink » Wn575a4 Firmware » Version: N/A

cpe:2.3:o:wavlink:wn575a4_firmware:-
Wavlink » Wn575a4 Firmware » Version: 2020-05-15

cpe:2.3:o:wavlink:wn575a4_firmware:2020-05-15
Wavlink » Wn579x3 Firmware » Version: N/A

cpe:2.3:o:wavlink:wn579x3_firmware:-
Wavlink » Wn579x3 Firmware » Version: 2020-05-15

cpe:2.3:o:wavlink:wn579x3_firmware:2020-05-15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13117

Products

Pricing

Contact Us