Strik3r Blog
  • $ whoami
  • Security Research
    • CVEs POCs
      • CVE-2023-37831
      • CVE-2023-37832
      • CVE-2023-37833
      • CVE-2023-37835
      • CVE-2023-39695
      • CVE-2023-36082
      • CVE-2023-36081
      • CVE-2023-34673
      • CVE-2023-34672
      • CVE-2023-34671
      • CVE-2022-44354
      • CVE-2022-44355
      • CVE-2022-44356
      • CVE-2022-48164
      • CVE-2022-48165
      • CVE-2022-48166
      • CVE-2022-44357
    • How To Pass Your eJPT Exam
    • Hacking IoT Introduction
    • Hacking wireless by monitoring
    • The Art of Camouflage: Exploring Advanced PHP Backdoor Obfuscation Techniques
    • Beyond the Desktop: Exploiting a Leaked Token for API
  • Hack The Box
    • Paper
  • CyberTalents Challenges
    • Web Chanllenges
      • Private Agent
    • Intro to Cybersecurity Bootcamp CTF Assessment
  • Bug Bounty
    • Easy LFI
    • HTTP PUT Method Exploit
Powered by GitBook
On this page
  • Summary:
  • Vendor:
  • Affected Product:
  • Version:
  • Details:

Was this helpful?

  1. Security Research
  2. CVEs POCs

CVE-2022-48165

PreviousCVE-2022-48164NextCVE-2022-48166

Last updated 1 year ago

Was this helpful?

Summary:

WAVLINK Aerial G - AC1200 High Power Dual Band Wireless Router (WL-WN530H4) devices running firmware version (M30H4.V5030.210121) have an access control issue, allowing unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Vendor:

  • Wavlink

Affected Product:

  • WL-WN530H4

Version:

  • M30H4.V5030.210121

Details:

When an unauthenticated attacker requests /cgi-bin/ExportLogs.sh this will lead to downloading all configurations and Admin Credentials and accessing the Device Dashboard.

  1. Check Application Device Version:

image

  1. request the vulnerable component.

  1. Accessing Admin Dashboard:

image
image