An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wa...
7.5CVSS
7.5AI Score
0.002EPSS
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
9.8CVSS
9.5AI Score
0.143EPSS