QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10974

Published: May 7, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974

x_refsource_MISC

https://github.com/sudo-jtcsec/Nyra

x_refsource_MISC

https://github.com/Roni-Carta/nyra

x_refsource_MISC

https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.