daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2020/CVE-2020-10973.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-02-01 13:23:46 -05:00
parent b4d0c10850
commit 3bb08ce785
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2020/CVE-2020-10973.yaml
View File

@ -5,7 +5,7 @@ info:
author: arafatansari author: arafatansari
severity: high severity: high
description: | description: |
Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
reference: reference:
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973 - https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973
- https://github.com/sudo-jtcsec/Nyra - https://github.com/sudo-jtcsec/Nyra