An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
CPE | Name | Operator | Version |
---|---|---|---|
wl-wn575a3_firmware | eq | 75a3.v4300.180801-rpt | |
wl-wn579g3_firmware | eq | 79x3.v5030.180719-m |