S4E

CVE-2020-10973 Scanner

Detects 'Improper Access Control' vulnerability in WAVLINK affects v. WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

15 seconds

Time Interval

1 month 2 days

Scan only one

Domain, IPv4

Toolbox

-

WAVLINK products are a popular choice for internet connectivity and networking solutions. From routers to adapters, they offer a range of devices that cater to the individual needs of users. These products are designed to establish a secure and reliable network connection, ensuring seamless internet connectivity across multiple devices. However, one of their products has recently come under scrutiny due to its vulnerability.

The CVE-2020-10973 vulnerability has been detected in Wavlink WN530HG4, WN531G3, WN533A8, and WN551K1. It affects the /cgi-bin/ExportAllSettings.sh, where a crafted POST request can return the current configuration of the device, including the administrator password. The attacker does not require any form of authentication to exploit the vulnerability, making it an easy target. Additionally, the decryption information required to breach the system is readily available.

Exploiting this vulnerability can lead to severe consequences. An unauthorized user can gain full access to the system and its configuration. Since the administrator password is exposed, the attacker can make changes to the device's settings, potentially causing disruptions to the network and compromising the privacy and security of the user's digital assets. Allowing unauthorized access to the network can also lead to the theft of private information, including sensitive data like financial information, personal files, and login credentials.

By leveraging the Pro features of s4e.io, users can easily and quickly learn about vulnerabilities in their digital assets. With its powerful scanning capabilities and customizable reports, users can identify and remediate vulnerabilities proactively before malicious actors identify them. In conjunction with the aforementioned precautions, s4e.io can provide an extra layer of protection to ensure the safety and security of digital assets.

 

REFERENCES

Get started to protecting your Free Full Security Scan