CVE-2020-10974

Sažetak

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Reference

https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
https://github.com/sudo-jtcsec/Nyra
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
https://github.com/Roni-Carta/nyra

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-04-2022 - 19:30

Objavljeno

07-05-2020 - 18:15