First published: Thu May 07 2020
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wavlink WL-WN575A3 | =rpt75a3.v4300.180801 | |
Wavlink WL-WN575A3 Firmware | | |
Wavlink WN579G3 Firmware | =m79x3.v5030.180719 | |
Wavlink WN579G3 Firmware | | |
Wavlink Wifi-repeater Firmware | | |
Wavlink WN531A6 Firmware | | |
Wavlink WL-WN535K3 Firmware | | |
Wavlink WL-WN530H4 Firmware | | |
Wavlink Wl-wn530h4 Firmware | | |
Wavlink WN57X93 Firmware | | |
Wavlink WN572HG3 Firmware | | |
Wavlink WN575A4 Firmware | | |
Wavlink WN578A2 Firmware | | |
Wavlink WL-WN579G3 Firmware | | |
Wavlink Aerial X 1200m Firmware | | |
Wavlink WL-WN579X3 Firmware | | |
Wavlink Jetstream AC3000 | | |
Wavlink Jetstream Erac3000 Firmware | | |
CVE-2020-10974 is a vulnerability that allows an attacker to retrieve the administrator password of certain Wavlink devices through a crafted POST request.
The affected devices include Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, and more.
No, authentication is not required to exploit CVE-2020-10974.
The severity of CVE-2020-10974 is high, with a CVSS score of 7.5.
There is no official fix available, but you can mitigate the vulnerability by applying security patches or firmware updates provided by Wavlink.