Vulnerabilities > CVE-2022-34046 - Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wavlink

CWE-863

NVD

Published: 2022-07-20

Updated: 2022-10-07

Summary

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

Vulnerable Configurations

Part	Description	Count
OS	Wavlink Wavlink Wn533A8 Firmware M33A8.V5030.190716	1
Hardware	Wavlink Wavlink Wn533A8 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharing
http://packetstormsecurity.com/files/167890/Wavlink-WN533A8-Password-Disclosure.html