cbcvebase.
CVE-2022-34047
published 2022-07-20

CVE-2022-34047: An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via…

PriorityP262high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
17.44%
96.7th percentile
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

Affected

1 ranges
VendorProductVersion rangeFixed in
wavlinkwl-wn530hg4_firmware

Detection & IOCsextracted from sources · hover to see the quote

url/set_safety.shtml?r=52300
othervar syspasswd="
sigma
GET /set_safety.shtml?r=52300 HTTP/1.1
yara
regex: 'syspasswd="(.+?)"'
  • HTTP GET request to /set_safety.shtml?r=52300 without authentication exposes plaintext credentials in the response body; detect by matching response body for 'var syspasswd="' and 'APP'.
  • Shodan/FOFA fingerprints for exposed vulnerable devices: HTTP title 'Wi-Fi APP Login', HTML body containing 'wn530hg4'.
  • Google dork for exposed devices: intitle:"wi-fi app login"
  • FOFA query to identify exposed devices: body="wn530hg4" or title="wi-fi app login"
  • No authentication is required to exploit this vulnerability; any unauthenticated HTTP GET to the endpoint is sufficient.
  • ·Vulnerability is specific to firmware version M30HG4.V5030.191116 on the Wavlink WN530HG4 device.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.