cbcvebase.
CVE-2020-12127
published 2020-10-02

CVE-2020-12127: An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak…

PriorityP355high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
6.44%
92.9th percentile
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

Affected

1 ranges
VendorProductVersion rangeFixed in
wavlinkwn530h4_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/ExportAllSettings.sh
  • Send an unauthenticated HTTP GET request to /cgi-bin/ExportAllSettings.sh and check for HTTP 200 response containing all of the following strings in the body: 'Login=', 'Password=', 'Model=', 'AuthMode='
  • Shodan/FOFA fingerprinting: identify exposed WAVLINK devices via HTTP response body containing 'Wavlink' or 'wavlink'
  • ·Vulnerability is specific to firmware version M30H4.V5030.190403 on the WAVLINK WN530H4 device; other firmware versions may not be affected.
  • ·The endpoint requires no authentication (CWE-306), meaning any network-reachable attacker can exploit it without credentials.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.