Vulnerability Description
An issue was discovered in which an exposed page contains the current administrator password in cleartext in the page's source code. No authentication is required to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wavlink | Wn530Hg4 Firmware | m30hg4.v5030.191116 |
| Wavlink | Wn530Hg4 | - |
| Wavlink | Wn531G3 Firmware | - |
| Wavlink | Wn531G3 | - |
| Wavlink | Wn572Hg3 Firmware | - |
| Wavlink | Wn572Hg3 | - |
References
- https://github.com/Roni-Carta/nyra (Not Applicable, Third Party Advisory)
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972 (Third Party Advisory)
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices (Third Party Advisory)
- https://github.com/sudo-jtcsec/Nyra (Broken Link)
FAQ
What is CVE-2020-10972?
CVE-2020-10972 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a cer...
How severe is CVE-2020-10972?
CVE-2020-10972 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10972?
Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wn530Hg4 Firmware, Wavlink Wn530Hg4, Wavlink Wn531G3 Firmware, Wavlink Wn531G3, Wavlink Wn572Hg3 Firmware.