7.5

CVE-2020-10974

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000.
Data provided by the National Vulnerability Database (NVD)
Wavlink Wl-wn575a3 Firmware, Version: rpt75a3.v4300.180801
   Wavlink Wl-wn575a3, Version: -
Wavlink Wl-wn579g3 Firmware, Version: m79x3.v5030.180719
   Wavlink Wl-wn579g3, Version: -
Wavlink Wn531a6 Firmware, Version: -
   Wavlink Wn531a6, Version: -
Wavlink Wn535g3 Firmware, Version: -
   Wavlink Wn535g3, Version: -
Wavlink Wn530h4 Firmware, Version: -
   Wavlink Wn530h4, Version: -
Wavlink Wn57x93 Firmware, Version: -
   Wavlink Wn57x93, Version: -
Wavlink Wn572hg3 Firmware, Version: -
   Wavlink Wn572hg3, Version: -
Wavlink Wn575a4 Firmware, Version: -
   Wavlink Wn575a4, Version: -
Wavlink Wn578a2 Firmware, Version: -
   Wavlink Wn578a2, Version: -
Wavlink Wn579g3 Firmware, Version: -
   Wavlink Wn579g3, Version: -
Wavlink Wn579x3 Firmware, Version: -
   Wavlink Wn579x3, Version: -
Wavlink Jetstream Ac3000 Firmware, Version: -
   Wavlink Jetstream Ac3000, Version: -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.34% | 0.536
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.