daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2020-10973.yaml

patch-1
Ritik Chaddha 2022-08-14 18:07:55 +05:30 committed by GitHub
parent c6df6b3bc4
commit 61812f679d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cves/2020/CVE-2020-10973.yaml
View File

@ -8,10 +8,12 @@ info:
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10973 - https://nvd.nist.gov/vuln/detail/CVE-2020-10973
classification:
cve-id: CVE-2020-10973
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"WN551K1" shodan-query: http.html:"WN551K1"
tags: cve,cve2020,access,control,wavlink tags: cve,cve2020,exposure,wavlink
requests: requests:
- raw: - raw: