CVE-2020-10974
First published: Thu May 07 2020(Updated: )
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wavlink WL-WN575A3 | =rpt75a3.v4300.180801 | |
| Wavlink WL-WN575A3 Firmware | ||
| Wavlink WN579G3 Firmware | =m79x3.v5030.180719 | |
| Wavlink WN579G3 Firmware | ||
| Wavlink Wifi-repeater Firmware | ||
| Wavlink WN531A6 Firmware | ||
| Wavlink Wifi-repeater Firmware | ||
| Wavlink WL-WN535K3 Firmware | ||
| Wavlink WL-WN530H4 Firmware | ||
| Wavlink Wl-wn530h4 Firmware | ||
| Wavlink Wifi-repeater Firmware | ||
| Wavlink WN57X93 Firmware | ||
| Wavlink WN572HG3 Firmware | ||
| Wavlink WN572HG3 Firmware | ||
| Wavlink WN575A4 Firmware | ||
| Wavlink WN575A4 Firmware | ||
| Wavlink Wifi-repeater Firmware | ||
| Wavlink WN578A2 Firmware | ||
| Wavlink Wifi-repeater Firmware | ||
| Wavlink WL-WN579G3 Firmware | ||
| Wavlink Aerial X 1200m Firmware | ||
| Wavlink WL-WN579X3 Firmware | ||
| Wavlink Jetstream AC3000 | ||
| Wavlink Jetstream AC3000 | ||
| Wavlink Jetstream Erac3000 Firmware | ||
| Wavlink Jetstream Erac3000 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10974?
CVE-2020-10974 is a vulnerability that allows an attacker to retrieve the administrator password of certain Wavlink devices through a crafted POST request.
Which devices are affected by CVE-2020-10974?
The affected devices include Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, and more.
Is authentication required to exploit CVE-2020-10974?
No, authentication is not required to exploit CVE-2020-10974.
What is the severity of CVE-2020-10974?
The severity of CVE-2020-10974 is high, with a CVSS score of 7.5.
How can I fix CVE-2020-10974?
There is no official fix available, but you can mitigate the vulnerability by applying security patches or firmware updates provided by Wavlink.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wavlink
- canonical/wavlink wl-wn575a3
- version/wavlink wl-wn575a3/rpt75a3.v4300.180801
- canonical/wavlink wl-wn575a3 firmware
- canonical/wavlink wn579g3 firmware
- version/wavlink wn579g3 firmware/m79x3.v5030.180719
- canonical/wavlink wifi-repeater firmware
- canonical/wavlink wn531a6 firmware
- canonical/wavlink wl-wn535k3 firmware
- canonical/wavlink wl-wn530h4 firmware
- canonical/wavlink wn57x93 firmware
- canonical/wavlink wn572hg3 firmware
- canonical/wavlink wn575a4 firmware
- canonical/wavlink wn578a2 firmware
- canonical/wavlink wl-wn579g3 firmware
- canonical/wavlink aerial x 1200m firmware
- canonical/wavlink wl-wn579x3 firmware
- canonical/wavlink jetstream ac3000
- canonical/wavlink jetstream erac3000 firmware