What is CVE-2020-10971?

CVE-2020-10971 is a vulnerability on Wavlink Jetstream devices that allows remote command execution via a crafted POST request.

How severe is CVE-2020-10971?

CVE-2020-10971 is considered critical with a severity score of 8.8 (out of 10).

Which devices are affected by CVE-2020-10971?

Wavlink Wl-wn575a3, Wavlink Wl-wn530hg4, and Wavlink Wl-wn579g3 devices running specific firmware versions are affected by CVE-2020-10971.

How can the vulnerability be exploited?

The vulnerability can be exploited by sending a specially crafted POST request to adm.cgi, which triggers the execution of a specified command.

Is there a fix available for CVE-2020-10971?

It is recommended to update the firmware of the affected Wavlink Jetstream devices to mitigate the vulnerability.

Vulnerability/
CVE-2020-10971

critical

9.3

CWE

7/5/2020

4/8/2024

CVE-2020-10971: Input Validation

First published: Thu May 07 2020(Updated: )

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Wavlink Wl-wn575a3 Firmware	=rpt75a3.v4300.180801
Wavlink WL-WN575A3
Wavlink Wl-wn530hg4 Firmware	=m30hg4.v5030.191116
Wavlink WL-WN530HG4
Wavlink Wl-wn579g3 Firmware	=m79x3.v5030.180719
Wavlink Wl-wn579g3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-10971?
CVE-2020-10971 is a vulnerability on Wavlink Jetstream devices that allows remote command execution via a crafted POST request.
How severe is CVE-2020-10971?
CVE-2020-10971 is considered critical with a severity score of 8.8 (out of 10).
Which devices are affected by CVE-2020-10971?
Wavlink Wl-wn575a3, Wavlink Wl-wn530hg4, and Wavlink Wl-wn579g3 devices running specific firmware versions are affected by CVE-2020-10971.
How can the vulnerability be exploited?
The vulnerability can be exploited by sending a specially crafted POST request to adm.cgi, which triggers the execution of a specified command.
Is there a fix available for CVE-2020-10971?
It is recommended to update the firmware of the affected Wavlink Jetstream devices to mitigate the vulnerability.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/wavlink
canonical/wavlink wl-wn575a3 firmware
version/wavlink wl-wn575a3 firmware/rpt75a3.v4300.180801
canonical/wavlink wl-wn575a3
canonical/wavlink wl-wn530hg4 firmware
version/wavlink wl-wn530hg4 firmware/m30hg4.v5030.191116
canonical/wavlink wl-wn530hg4
canonical/wavlink wl-wn579g3 firmware
version/wavlink wl-wn579g3 firmware/m79x3.v5030.180719
canonical/wavlink wl-wn579g3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.