CVE-2022-34045
published 2022-07-20
CVE-2022-34045: Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at…
Priority: P357 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.42% (82.1th percentile)
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | wl-wn530hg4_firmware | — | — |
Detection & IOCs
bytes: Salted__
- Probe for exposed encrypted configuration backup by issuing a GET request to /backupsettings.dat; a vulnerable device returns HTTP 200 with Content-Type: application/octet-stream and a body beginning with the OpenSSL salted-file magic string 'Salted__'.
- Use Shodan queries 'http.html:"WN530HG4"', 'http.html:"wn530hg4"', or 'http.title:"wi-fi app login"' to identify internet-exposed Wavlink WN530HG4 devices.
- Use FOFA queries 'body="wn530hg4"' or 'title="wi-fi app login"' and Google dork 'intitle:"wi-fi app login"' to identify exposed devices.
- A successful exploitation response will have HTTP status 200, Content-Type header containing 'application/octet-stream', and response body containing the string 'Salted__' (OpenSSL CBC-encrypted file marker), confirming the hardcoded key is in use.
- The vulnerability is specific to firmware version M30HG4.V5030.191116 of the Wavlink WN530HG4; other firmware versions may not be affected.
No detection rules found.
Nuclei
WAVLINK WN530HG4 - Improper Access Control
nuclei·CVSS 9.8
CVE-2022-34045 [CRITICAL] WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:

```yaml
id: CVE-2022-34045

info:
  name: WAVLINK WN530HG4 - Improper Access Control
  author: arafatansari
  severity: critical
  description: |
    WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute
```
No writeups or analysis indexed.
Published: 2022-07-20