cbcvebase.
CVE-2022-48165
published 2023-02-03

CVE-2022-48165: An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download…

PriorityP259high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
3.28%
86.9th percentile
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Affected

1 ranges
VendorProductVersion rangeFixed in
wavlinkwl-wn530h4_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/ExportLogs.sh
filenamesysLogs.txt
otherhttp.favicon.hash:-1350437236
othericon_hash=-1350437236
  • Unauthenticated GET request to /cgi-bin/ExportLogs.sh returning HTTP 200 with body containing 'Password=' and 'Login=' indicates successful exploitation of the access control bypass.
  • Response header containing 'filename="sysLogs.txt"' confirms the device is serving the log/config export file without authentication.
  • Extract admin credentials from the response body using the regex pattern 'Password=([^\s]+)' on the downloaded sysLogs.txt content.
  • Use Shodan favicon hash -1350437236 or FOFA icon_hash=-1350437236 to identify exposed Wavlink WL-WN530H4 devices on the internet.
  • ·Vulnerability is specific to firmware version M30H4.V5030.210121 on the Wavlink WL-WN530H4 device; other firmware versions may not be affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.