Remote Command Execution Vulnerability in Wavlink Jetstream Devices
CVE-2020-10971

8.8 HIGH

Key Information:

Vendor: Wavlink
CVE Published: 7 May 2020

What is CVE-2020-10971?

A vulnerability in Wavlink Jetstream devices allows an attacker to execute arbitrary commands via a crafted POST request sent to adm.cgi. If an active session is present, the device does not properly validate the source of the request, and an attacker can exploit this to have commands executed. The flaw affects several Wavlink device models, including various Jetstream configurations, and the resulting unauthorized command execution could compromise device integrity.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
