CVE-2022-48165

Summary:

WAVLINK Aerial G - AC1200 High Power Dual Band Wireless Router (WL-WN530H4) devices running firmware version (M30H4.V5030.210121) have an access control issue, allowing unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Vendor:

  • Wavlink

Affected Product:

  • WL-WN530H4

Version:

  • M30H4.V5030.210121

Details:

When an unauthenticated attacker requests /cgi-bin/ExportLogs.sh this will lead to downloading all configurations and Admin Credentials and accessing the Device Dashboard.

  1. Check Application Device Version:

image

  1. request the vulnerable component.

image

  1. Accessing Admin Dashboard:

image
PreviousCVE-2022-48164NextCVE-2022-48166

Last updated

Was this helpful?