CVE-2020-10974
moderate-risk
Published 2020-05-07
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
Do I need to act?
-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (13)
Wl-Wn579G3 Firmware
Wn531A6 Firmware
Wn57X93 Firmware
Wn572Hg3 Firmware
Wn578A2 Firmware
Wn579G3 Firmware
Jetstream Ac3000 Firmware
Jetstream Erac3000 Firmware
Affected Vendors
References (8)
Not Applicable
https://github.com/Roni-Carta/nyra
Third Party Advisory
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
Third Party Advisory
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
Broken Link
https://github.com/sudo-jtcsec/Nyra
Not Applicable
https://github.com/Roni-Carta/nyra
Third Party Advisory
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
Third Party Advisory
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
Broken Link
https://github.com/sudo-jtcsec/Nyra
44
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
17/34 · Moderate