CVE-2020-10973 Scanner
Detects 'Improper Access Control' vulnerability in WAVLINK affects v. WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
1 month 2 days
Scan only one
Domain, IPv4
Toolbox
-
WAVLINK products are a popular choice for internet connectivity and networking solutions. From routers to adapters, they offer a range of devices that cater to the individual needs of users. These products are designed to establish a secure and reliable network connection, ensuring seamless internet connectivity across multiple devices. However, one of their products has recently come under scrutiny due to its vulnerability.
The CVE-2020-10973 vulnerability has been detected in Wavlink WN530HG4, WN531G3, WN533A8, and WN551K1. It affects the /cgi-bin/ExportAllSettings.sh, where a crafted POST request can return the current configuration of the device, including the administrator password. The attacker does not require any form of authentication to exploit the vulnerability, making it an easy target. Additionally, the decryption information required to breach the system is readily available.
Exploiting this vulnerability can lead to severe consequences. An unauthorized user can gain full access to the system and its configuration. Since the administrator password is exposed, the attacker can make changes to the device's settings, potentially causing disruptions to the network and compromising the privacy and security of the user's digital assets. Allowing unauthorized access to the network can also lead to the theft of private information, including sensitive data like financial information, personal files, and login credentials.
By leveraging the Pro features of s4e.io, users can easily and quickly learn about vulnerabilities in their digital assets. With its powerful scanning capabilities and customizable reports, users can identify and remediate vulnerabilities proactively before malicious actors identify them. In conjunction with the aforementioned precautions, s4e.io can provide an extra layer of protection to ensure the safety and security of digital assets.
REFERENCES