CVE-2022-34047 — HIGH (7.5)

Vulnerability Description

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Wavlink	Wl-Wn530Hg4 Firmware	m30hg4.v5030.191116
Wavlink	Wl-Wn530Hg4	-

Related Weaknesses (CWE)

CWE-668

References

http://packetstormsecurity.com/files/167891/Wavlink-WN530HG4-Password-DisclosureThird Party AdvisoryVDB Entry
https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=shariExploitThird Party Advisory
http://packetstormsecurity.com/files/167891/Wavlink-WN530HG4-Password-DisclosureThird Party AdvisoryVDB Entry
https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=shariExploitThird Party Advisory

FAQ

What is CVE-2022-34047?

CVE-2022-34047 is a vulnerability with a CVSS score of 7.5 (HIGH). An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var sys...

How severe is CVE-2022-34047?

CVE-2022-34047 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34047?

Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wl-Wn530Hg4 Firmware, Wavlink Wl-Wn530Hg4.