CVE-2020-10974
First published: Thu May 07 2020(Updated: )
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wavlink Wl-wn575a3 Firmware | =rpt75a3.v4300.180801 | |
| Wavlink WL-WN575A3 | ||
| Wavlink Wl-wn579g3 Firmware | =m79x3.v5030.180719 | |
| Wavlink Wl-wn579g3 | ||
| Wavlink Wn531a6 Firmware | ||
| Wavlink WN531A6 | ||
| Wavlink Wn535g3 Firmware | ||
| Wavlink WN535G3 | ||
| Wavlink Wn530h4 Firmware | ||
| Wavlink WN530H4 | ||
| Wavlink Wn57x93 Firmware | ||
| Wavlink WN57X93 | ||
| Wavlink Wn572hg3 Firmware | ||
| Wavlink WN572HG3 | ||
| Wavlink Wn575a4 Firmware | ||
| Wavlink WN575A4 | ||
| Wavlink Wn578a2 Firmware | ||
| Wavlink WN578A2 | ||
| Wavlink Wn579g3 Firmware | ||
| Wavlink WN579G3 | ||
| Wavlink Wn579x3 Firmware | ||
| Wavlink WN579X3 | ||
| Wavlink Jetstream AC3000 | ||
| Wavlink Jetstream AC3000 | ||
| Wavlink Jetstream Erac3000 Firmware | ||
| Wavlink Jetstream Erac3000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10974?
CVE-2020-10974 is a vulnerability that allows an attacker to retrieve the administrator password of certain Wavlink devices through a crafted POST request.
Which devices are affected by CVE-2020-10974?
The affected devices include Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, and more.
Is authentication required to exploit CVE-2020-10974?
No, authentication is not required to exploit CVE-2020-10974.
What is the severity of CVE-2020-10974?
The severity of CVE-2020-10974 is high, with a CVSS score of 7.5.
How can I fix CVE-2020-10974?
There is no official fix available, but you can mitigate the vulnerability by applying security patches or firmware updates provided by Wavlink.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wavlink
- canonical/wavlink wl-wn575a3 firmware
- version/wavlink wl-wn575a3 firmware/rpt75a3.v4300.180801
- canonical/wavlink wl-wn575a3
- canonical/wavlink wl-wn579g3 firmware
- version/wavlink wl-wn579g3 firmware/m79x3.v5030.180719
- canonical/wavlink wl-wn579g3
- canonical/wavlink wn531a6 firmware
- canonical/wavlink wn531a6
- canonical/wavlink wn535g3 firmware
- canonical/wavlink wn535g3
- canonical/wavlink wn530h4 firmware
- canonical/wavlink wn530h4
- canonical/wavlink wn57x93 firmware
- canonical/wavlink wn57x93
- canonical/wavlink wn572hg3 firmware
- canonical/wavlink wn572hg3
- canonical/wavlink wn575a4 firmware
- canonical/wavlink wn575a4
- canonical/wavlink wn578a2 firmware
- canonical/wavlink wn578a2
- canonical/wavlink wn579g3 firmware
- canonical/wavlink wn579g3
- canonical/wavlink wn579x3 firmware
- canonical/wavlink wn579x3
- canonical/wavlink jetstream ac3000
- canonical/wavlink jetstream erac3000 firmware
- canonical/wavlink jetstream erac3000