Vulnerability Details : CVE-2020-10972
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3.
Products affected by CVE-2020-10972
- cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
- cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:wavlink:wn531g3_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10972
- 0.24%: Probability of exploitation activity in the next 30 days
- ~ 61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-10972
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10972
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices
  CVE/CVE-2020-10972-affected_devices at master · sudo-jtcsec/CVE · GitHub (Third Party Advisory)
- https://github.com/sudo-jtcsec/Nyra
  GitHub - sudo-jtcsec/Nyra: If you have a Wavlink router, its Not Your Router Anymore (Broken Link)
- https://github.com/Roni-Carta/nyra
  GitHub - Roni-Carta/nyra (Not Applicable; Third Party Advisory)
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972
  CVE/CVE-2020-10972 at master · sudo-jtcsec/CVE · GitHub (Third Party Advisory)