Remote Command Execution Vulnerability in Wavlink Jetstream Devices
CVE-2020-10971

8.8HIGH

Key Information:

Vendor

Wavlink

Status
Wl-wn575a3 Firmware
Vendor
CVE Published:
7 May 2020

What is CVE-2020-10971?

A vulnerability exists in Wavlink Jetstream devices that allows an attacker to execute arbitrary commands via a crafted POST request sent to adm.cgi. If an active session is present, the device does not properly validate the source of the request, enabling an attacker to exploit this weakness. The flaw affects several Wavlink device models, including various Jetstream configurations, and poses a risk of unauthorized command execution that could compromise device integrity.

References

https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-1...
x_refsource_MISC
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-1...
x_refsource_MISC
https://github.com/sudo-jtcsec/Nyra
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-10971 : Remote Command Execution Vulnerability in Wavlink Jetstream Devices