CVE-2020-12123 — HIGH (8.1)

Vulnerability Description

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wavlink	Wn530H4 Firmware	m30h4.v5030.190403
Wavlink	Wn530H4	-

Related Weaknesses (CWE)

CWE-352

References

https://cerne.xyz/bugs/CVE-2020-12123Third Party Advisory
https://www.wavlink.com/en_us/product/WL-WN530H4.htmlProductVendor Advisory
https://cerne.xyz/bugs/CVE-2020-12123Third Party Advisory
https://www.wavlink.com/en_us/product/WL-WN530H4.htmlProductVendor Advisory

FAQ

What is CVE-2020-12123?

CVE-2020-12123 is a vulnerability with a CVSS score of 8.1 (HIGH). CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If ...

How severe is CVE-2020-12123?

CVE-2020-12123 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12123?

Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wn530H4 Firmware, Wavlink Wn530H4.