An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
References
Link | Resource |
---|---|
https://github.com/Roni-Carta/nyra | Not Applicable Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972 | Third Party Advisory |
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices | Third Party Advisory |
https://github.com/sudo-jtcsec/Nyra | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-07T17:51:48
Updated: 2020-12-04T19:32:54
Reserved: 2020-03-26T00:00:00
Link: CVE-2020-10972
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-05-07T18:15:11.257
Modified: 2022-04-29T13:26:17.740
Link: CVE-2020-10972
JSON object: View
Redhat Information
No data.