CVE-2020-10972
CVE-2020-10972 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). EPSS estimates a 1.73% chance of exploitation in the next 30 days.
Description
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wn530hg4 Firmware | m30hg4.v5030.191116 |
| Wavlink | Wn531g3 Firmware | All versions |
| Wavlink | Wn572hg3 Firmware | All versions |
References
- https://github.com/Roni-Carta/nyra (Not Applicable, Third Party Advisory)
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972 (Third Party Advisory)
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices (Third Party Advisory)
- https://github.com/sudo-jtcsec/Nyra (Broken Link)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
