CVE-2022-34046
published 2022-07-20


Priority: P2 · 62 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 16.58% (96.6th percentile)
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

Affected

1 ranges
Vendor | Product | Version range | Fixed in
wavlink | wn533a8_firmware | - | -

Detection & IOCs (extracted from sources)

url: /sysinit.shtml?r=52300
path: /sysinit.shtml
other: var syspasswd="
other: GET /sysinit.shtml?r=52300 HTTP/1.1
yara: regex: syspasswd="(.+?)"
  • Match HTTP 200 response body containing both 'var syspasswd="' and 'APP' strings to confirm credential exposure on the target endpoint.
  • Use Shodan queries 'http.title:"Wi-Fi APP Login"', 'http.html:"wavlink"', or 'http.title:"wi-fi app login"' to identify exposed Wavlink WN533A8 devices on the internet.
  • Use FOFA queries 'title="wi-fi app login"' or 'body="wavlink"' to identify exposed Wavlink WN533A8 devices.
  • Use Google dork 'intitle:"wi-fi app login"' to discover internet-facing Wavlink WN533A8 login pages.
  • The vulnerability is unauthenticated — no credentials are required to access the sensitive endpoint and retrieve plaintext usernames and passwords.
  • The affected firmware version is specifically M33A8.V5030.190716; detections should be scoped to this version of the Wavlink WN533A8 firmware.