Appliance Details
Wavlink WN530HG4 is an AC1200 high power Dual Band Gigabit Router.
Vulnerability
Wavlink WN530HG4 could allow a remote attacker to obtain sensitive information, caused by improper access control in the IP_ADDRESS/set_safety.shtml endpoint.
Identification
By searching for searching for [var syspasswd], an attacker could exploit this vulnerability to obtain usernames and passwords, and use this information to launch further attacks against the affected system.
GET /set_safety.shtml?r=52300
Detection
By turning this into a traffic file and matching rule, we are able to detect unauthorised attempts in the disclosure of device administrator credentials (usernames and passwords).
Coverage
Idappcom has created signature 8022957 along with a traffic file.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Comentarios