Details of VAR-202005-0094

ID

VAR-202005-0094

CVE

CVE-2020-10972

TITLE

Wavlink WL-WN530HG4 Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-005164

DESCRIPTION

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3. Wavlink WL-WN530HG4 Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-10972 // JVNDB: JVNDB-2020-005164 // VULMON: CVE-2020-10972

AFFECTED PRODUCTS

vendor:	wavlink	model:	wn530hg4	scope:	eq	version:	m30hg4.v5030.191116	Trust: 1.0
vendor:	wavlink	model:	wn531g3	scope:	eq	version:	-	Trust: 1.0
vendor:	wavlink	model:	wn572hg3	scope:	eq	version:	-	Trust: 1.0
vendor:	wavlink	model:	wl-wn530hg4	scope:	eq	version:	m30hg4.v5030.191116	Trust: 0.8

sources: JVNDB: JVNDB-2020-005164 // NVD: CVE-2020-10972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10972
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005164
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-272
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-10972
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10972
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005164
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-10972
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005164
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-10972 // JVNDB: JVNDB-2020-005164 // CNNVD: CNNVD-202005-272 // NVD: CVE-2020-10972

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.8
problemtype:	CWE-306	Trust: 1.0

sources: JVNDB: JVNDB-2020-005164 // NVD: CVE-2020-10972

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-272

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-272

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005164

PATCH

title:	Top Page	url:	https://www.wavlink.com	Trust: 0.8
title:	CVE	url:	https://github.com/sudo-jtcsec/CVE	Trust: 0.1

sources: VULMON: CVE-2020-10972 // JVNDB: JVNDB-2020-005164

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10972	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-005164	Trust: 0.8
db:	NSFOCUS	id:	47951	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-272	Trust: 0.6
db:	VULMON	id:	CVE-2020-10972	Trust: 0.1

sources: VULMON: CVE-2020-10972 // JVNDB: JVNDB-2020-005164 // CNNVD: CNNVD-202005-272 // NVD: CVE-2020-10972

REFERENCES

url:	https://github.com/sudo-jtcsec/cve/blob/master/cve-2020-10972	Trust: 1.9
url:	https://github.com/sudo-jtcsec/nyra	Trust: 1.7
url:	https://github.com/sudo-jtcsec/cve/blob/master/cve-2020-10972-affected_devices	Trust: 1.7
url:	https://github.com/roni-carta/nyra	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10972	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10972	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47951	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/sudo-jtcsec/cve	Trust: 0.1

sources: VULMON: CVE-2020-10972 // JVNDB: JVNDB-2020-005164 // CNNVD: CNNVD-202005-272 // NVD: CVE-2020-10972

SOURCES

db:	VULMON	id:	CVE-2020-10972
db:	JVNDB	id:	JVNDB-2020-005164
db:	CNNVD	id:	CNNVD-202005-272
db:	NVD	id:	CVE-2020-10972

LAST UPDATE DATE

2024-11-23T23:04:24.309000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-10972	date:	2020-12-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-005164	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-272	date:	2020-12-07T00:00:00
db:	NVD	id:	CVE-2020-10972	date:	2024-11-21T04:56:29.260

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-10972	date:	2020-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-005164	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202005-272	date:	2020-05-07T00:00:00
db:	NVD	id:	CVE-2020-10972	date:	2020-05-07T18:15:11.257