top of page

Wavlink WN530HG4 Information Disclosure (CVE-2022-34047)



Appliance Details

Wavlink WN530HG4 is an AC1200 high power Dual Band Gigabit Router.


Vulnerability

Wavlink WN530HG4 could allow a remote attacker to obtain sensitive information, caused by improper access control in the IP_ADDRESS/set_safety.shtml endpoint.


Identification

By searching for searching for [var syspasswd], an attacker could exploit this vulnerability to obtain usernames and passwords, and use this information to launch further attacks against the affected system.


GET /set_safety.shtml?r=52300


Detection

By turning this into a traffic file and matching rule, we are able to detect unauthorised attempts in the disclosure of device administrator credentials (usernames and passwords).


Coverage

Idappcom has created signature 8022957 along with a traffic file.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Comentarios


bottom of page