CVE-2022-34047
Published 2022-07-20
CVE-2022-34047: An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via…
Priority P262 · high · 7.5 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 17.44% (96.7th percentile)
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | wl-wn530hg4_firmware | — | — |
Detection & IOCs (extracted from sources)
sigma: GET /set_safety.shtml?r=52300 HTTP/1.1
yara: regex: 'syspasswd="(.+?)"'
- HTTP GET request to /set_safety.shtml?r=52300 without authentication exposes plaintext credentials in the response body; detect by matching response body for 'var syspasswd="' and 'APP'.
- Shodan/FOFA fingerprints for exposed vulnerable devices: HTTP title 'Wi-Fi APP Login', HTML body containing 'wn530hg4'.
- Google dork for exposed devices: intitle:"wi-fi app login"
- FOFA query to identify exposed devices: body="wn530hg4" or title="wi-fi app login"
- No authentication is required to exploit this vulnerability; any unauthenticated HTTP GET to the endpoint is sufficient.
- Vulnerability is specific to firmware version M30HG4.V5030.191116 on the Wavlink WN530HG4 device.
No detection rules found.
Exploit-DB
Wavlink WN530HG4 - Password Disclosure
exploitdb·2022-08-01·CVSS 7.5
CVE-2022-34047 [HIGH] Wavlink WN530HG4 - Password Disclosure
---
# Exploit Title: Wavlink WN530HG4 - Password Disclosure
# Date: 2022-06-12
# Exploit Author: Ahmed Alroky
# Author Company : AIactive
# Version: M30HG4.V5030.191116
# Vendor home page : wavlink.com
# Authentication Required: No
# CVE : CVE-2022-34047
# Tested on: Windows
# Exploit
view-source:http://IP_address/set_safety.shtml?r=52300
search for var syspasswd="
you will find the username and the password
Nuclei
WAVLINK WN530HG4 - Improper Access Control
nuclei·CVSS 7.5
CVE-2022-34047 [HIGH] WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
id: CVE-2022-34047
info:
  name: WAVLINK WN530HG4 - Improper Access Control
  author: For3stCo1d
  severity: high
  description: |
    WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execu
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/167891/Wavlink-WN530HG4-Password-Disclosure.html
- https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing
Published: 2022-07-20