Vulnerabilities > CVE-2022-34046 - Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
wavlink
CWE-863

Summary

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

Vulnerable Configurations

Part Description Count
OS
Wavlink
1
Hardware
Wavlink
1

Common Weakness Enumeration (CWE)