CVE-2020-10972

EUVD-2020-3371
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
wavlinkwn531g3_firmware
-
wavlinkwn572hg3_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Roni-Carta/nyra
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices
https://github.com/sudo-jtcsec/Nyra
https://github.com/Roni-Carta/nyra
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices
https://github.com/sudo-jtcsec/Nyra