CVE-2022-48166
published 2023-02-06

CVE-2022-48166: An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain…

Priority P258 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.82% (84.8th percentile)
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

Affected

1 range

Vendor | Product | Version range | Fixed in
wavlink | wl-wn530hg4_firmware | |

Detection & IOCs (extracted from sources)

path: /cgi-bin/ExportLogs.sh
other: shodan:html:"WN530HG4"
other: fofa:body="WN530HG4"
  • Unauthenticated GET request to /cgi-bin/ExportLogs.sh returns a file (application/octet-stream) containing plaintext credentials; match response body for 'Login=', 'Password=', 'WiFi_', 'WAVLINK' and HTTP 200.
  • Identify vulnerable Wavlink WN530HG4 devices by checking the root HTTP response body for the string 'WN530HG4' before probing the export endpoint.
  • The exported log/config file contains admin credentials in cleartext fields named 'Login=' and 'Password='; any detection of these patterns in HTTP responses from router management interfaces should be treated as a confirmed exploitation indicator.
  • Vulnerability is specific to firmware version M30HG4.V5030.201217; other firmware versions of the WL-WN530HG4 may not be affected.
  • The Nuclei template uses a two-step flow: first confirm the device is a WN530HG4 (http(1)), then probe the export endpoint (http(2)). Single-step probing without device fingerprinting may produce false positives.
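
The two-step logic in the notes above, applied passively to HTTP transactions already captured by a network sensor, as an added example (not code from this page or from the Nuclei template). The transaction dict layout, the names `is_export_leak` and `triage`, and the requirement that all four body markers appear together are assumptions; the sample capture is constructed.

```python
from urllib.parse import urlsplit

EXPORT_PATH = "/cgi-bin/ExportLogs.sh"
MODEL_MARKER = "WN530HG4"
BODY_MARKERS = ("Login=", "Password=", "WiFi_", "WAVLINK")


def is_export_leak(txn):
    """True when one captured transaction matches the export-endpoint signature."""
    return (
        txn["method"] == "GET"
        and urlsplit(txn["url"]).path == EXPORT_PATH
        and txn["status"] == 200
        and "application/octet-stream" in txn["content_type"].lower()
        # Assumption: all four markers must be present, not just one.
        and all(m in txn["body"] for m in BODY_MARKERS)
    )


def triage(transactions):
    """Walk transactions in capture order and return (host, verdict) alerts."""
    fingerprinted = set()
    alerts = []
    for txn in transactions:
        host = txn["host"]
        if urlsplit(txn["url"]).path == "/" and MODEL_MARKER in txn["body"]:
            fingerprinted.add(host)  # step 1: device identified as WN530HG4
        elif is_export_leak(txn):
            # step 2: "confirmed" only when the device was fingerprinted first
            verdict = "confirmed" if host in fingerprinted else "unverified"
            alerts.append((host, verdict))
    return alerts


# Constructed sample capture (not real traffic); RFC 5737 documentation
# addresses, and a made-up field layout for the exported file.
LEAK = "WAVLINK\nLogin=<redacted>\nPassword=<redacted>\nWiFi_SSID=<redacted>\n"
SAMPLE = [
    {"host": "192.0.2.10", "method": "GET", "url": "/", "status": 200,
     "content_type": "text/html", "body": "<title>WN530HG4</title>"},
    {"host": "192.0.2.10", "method": "GET", "url": EXPORT_PATH, "status": 200,
     "content_type": "application/octet-stream", "body": LEAK},
    {"host": "192.0.2.20", "method": "GET", "url": EXPORT_PATH, "status": 200,
     "content_type": "application/octet-stream", "body": LEAK},
    {"host": "192.0.2.10", "method": "GET", "url": EXPORT_PATH, "status": 200,
     "content_type": "text/html", "body": "Login= page"},
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE):
        print(host, verdict)
```

The "unverified" verdict covers the false-positive case the last note describes: the export signature matched, but no root response from that host carried the WN530HG4 string.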