Access Control Issue in Wavlink WN530HG4 Router
CVE-2022-34047

7.5HIGH

Key Information:

Vendor: Wavlink
Status: Wl-wn530hg4 Firmware
Vendor: CVE Published:; 20 July 2022

What is CVE-2022-34047?

An access control vulnerability in the Wavlink WN530HG4 router enables unauthorized users to retrieve sensitive information, including usernames and passwords. Attackers can exploit this issue through the view-source method by accessing specific URLs, which may reveal critical internal variables. This flaw underscores the importance of robust access controls to safeguard user credentials and prevent unauthorized access.

References

https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPd...

x_refsource_MISC

http://packetstormsecurity.com/files/167891/Wavlink-WN530...

x_refsource_MISC

EPSS Score

67% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2022
Vulnerability Reserved
Jun 20, 2022