cbcvebase.
CVE-2022-34045
published 2022-07-20

CVE-2022-34045: Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at…

PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.42%
82.1th percentile
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.

Affected

1 ranges
VendorProductVersion rangeFixed in
wavlinkwl-wn530hg4_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh
path/backupsettings.dat
bytes
Salted__
  • Probe for exposed encrypted configuration backup by issuing a GET request to /backupsettings.dat; a vulnerable device returns HTTP 200 with Content-Type: application/octet-stream and a body beginning with the OpenSSL salted-file magic string 'Salted__'.
  • Use Shodan queries 'http.html:"WN530HG4"', 'http.html:"wn530hg4"', or 'http.title:"wi-fi app login"' to identify internet-exposed Wavlink WN530HG4 devices.
  • Use FOFA queries 'body="wn530hg4"' or 'title="wi-fi app login"' and Google dork 'intitle:"wi-fi app login"' to identify exposed devices.
  • A successful exploitation response will have HTTP status 200, Content-Type header containing 'application/octet-stream', and response body containing the string 'Salted__' (OpenSSL CBC-encrypted file marker), confirming the hardcoded key is in use.
  • ·The vulnerability is specific to firmware version M30HG4.V5030.191116 of the Wavlink WN530HG4; other firmware versions may not be affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.