Strik3r Blog
  • $ whoami
  • Security Research
    • CVEs POCs
      • CVE-2023-37831
      • CVE-2023-37832
      • CVE-2023-37833
      • CVE-2023-37835
      • CVE-2023-39695
      • CVE-2023-36082
      • CVE-2023-36081
      • CVE-2023-34673
      • CVE-2023-34672
      • CVE-2023-34671
      • CVE-2022-44354
      • CVE-2022-44355
      • CVE-2022-44356
      • CVE-2022-48164
      • CVE-2022-48165
      • CVE-2022-48166
      • CVE-2022-44357
    • How To Pass Your eJPT Exam
    • Hacking IoT Introduction
    • Hacking wireless by monitoring
    • The Art of Camouflage: Exploring Advanced PHP Backdoor Obfuscation Techniques
    • Beyond the Desktop: Exploiting a Leaked Token for API
  • Hack The Box
    • Paper
  • CyberTalents Challenges
    • Web Chanllenges
      • Private Agent
    • Intro to Cybersecurity Bootcamp CTF Assessment
  • Bug Bounty
    • Easy LFI
    • HTTP PUT Method Exploit
Powered by GitBook
On this page
  • Summary:
  • Vendor:
  • Affected Product:
  • Version:
  • Details:
  • POC

Was this helpful?

  1. Security Research
  2. CVEs POCs

CVE-2022-48164

PreviousCVE-2022-44356NextCVE-2022-48165

Last updated 1 year ago

Was this helpful?

Summary:

WAVLINK QUANTUM T8 - AC3000 MU-MIMO Tri-band (WL-WN533A8) devices running firmware version (M33A8.V5030.190716) have an access control issue, allowing unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Vendor:

  • Wavlink

Affected Product:

  • WL-WN533A8

Version:

  • M33A8.V5030.190716

Details:

When an unauthenticated attacker requests /cgi-bin/ExportLogs.sh this will lead to downloading all configurations and Admin Credentials and accessing the Device Dashboard

POC

image
image