cbcvebase.
CVE-2022-48164
published 2023-02-06

CVE-2022-48164: An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download…

PriorityP179high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.10%
86.1th percentile
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Affected

1 ranges
VendorProductVersion rangeFixed in
wavlinkwl-wn533a8_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/ExportLogs.sh
othercontains_all(body, "Login=", "Password=", "WiFi_", "WAVLINK")
othercontent_type: application/octet-stream
  • Unauthenticated HTTP GET to /cgi-bin/ExportLogs.sh returning HTTP 200 with content-type application/octet-stream and body containing 'Login=', 'Password=', 'WiFi_', and 'WAVLINK' strings indicates successful exploitation.
  • Fingerprint target device by checking for 'WN533A8' string in the HTTP response body of the root page before probing the vulnerable endpoint.
  • Use Shodan query html:"WN533A8" or FOFA query body="WN533A8" to identify internet-exposed Wavlink WL-WN533A8 devices potentially vulnerable to this CVE.
  • ·Vulnerability is specific to firmware version M33A8.V5030.190716 on the Wavlink WL-WN533A8 device. Other firmware versions may not be affected.
  • ·High EPSS score (0.87135, 99.4th percentile) indicates this vulnerability is very likely being actively exploited in the wild.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.