CSRF Vulnerability in WAVLINK Router Model WN530H4
CVE-2020-12123

8.1HIGH

Key Information:

Vendor: Wavlink
Status: Wn530h4 Firmware
Vendor: CVE Published:; 2 October 2020

What is CVE-2020-12123?

A CSRF vulnerability exists in the /cgi-bin/ directory of WAVLINK WN530H4 model routers. This flaw allows attackers to remotely access router endpoints due to the absence of CSRF tokens. If a user is already authenticated within the router's portal, the vulnerability can be exploited, potentially compromising the security of the device and the network it manages. Users are advised to implement appropriate security measures and stay informed about updates and patches from WAVLINK.

References

https://www.wavlink.com/en_us/product/WL-WN530H4.html

x_refsource_MISC

https://cerne.xyz/bugs/CVE-2020-12123

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2020
Vulnerability Reserved
Apr 23, 2020

Wavlink

What is CVE-2020-12123?

References

CVSS V3.1

Timeline