Sign-up

ID

VAR-202207-1589


CVE

CVE-2022-34047


TITLE

WAVLINK  of  WL-WN530HG4  Vulnerability to disclosure of resources to the wrong area in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-013536

DESCRIPTION

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. WAVLINK of WL-WN530HG4 There is a resource disclosure vulnerability in the wrong area in firmware.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-34047 // JVNDB: JVNDB-2022-013536 // VULMON: CVE-2022-34047

AFFECTED PRODUCTS

vendor:wavlinkmodel:wl-wn530hg4scope:eqversion:m30hg4.v5030.191116

Trust: 1.0

vendor:wavlinkmodel:wl-wn530hg4scope:eqversion: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn530hg4scope: - version: -

Trust: 0.8

vendor:wavlinkmodel:wl-wn530hg4scope:eqversion:wl-wn530hg4 firmware m30hg4.v5030.191116

Trust: 0.8

sources: JVNDB: JVNDB-2022-013536 // NVD: CVE-2022-34047

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34047
value: HIGH

Trust: 1.0

NVD: CVE-2022-34047
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2060
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-34047
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-34047
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013536 // CNNVD: CNNVD-202207-2060 // NVD: CVE-2022-34047

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.0

problemtype:Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-013536 // NVD: CVE-2022-34047

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2060

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2060

EXTERNAL IDS

db:NVDid:CVE-2022-34047

Trust: 3.3

db:PACKETSTORMid:167891

Trust: 2.4

db:JVNDBid:JVNDB-2022-013536

Trust: 0.8

db:CXSECURITYid:WLB-2022080014

Trust: 0.6

db:EXPLOIT-DBid:50991

Trust: 0.6

db:CNNVDid:CNNVD-202207-2060

Trust: 0.6

db:VULMONid:CVE-2022-34047

Trust: 0.1

sources: VULMON: CVE-2022-34047 // JVNDB: JVNDB-2022-013536 // CNNVD: CNNVD-202207-2060 // NVD: CVE-2022-34047

REFERENCES

url:http://packetstormsecurity.com/files/167891/wavlink-wn530hg4-password-disclosure.html

Trust: 3.0

url:https://drive.google.com/file/d/1stqduc12azvjrfeb5wp8afpduekku9sy/view?usp=sharing

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-34047

Trust: 0.8

url:https://www.exploit-db.com/exploits/50991

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022080014

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-34047/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-34047 // JVNDB: JVNDB-2022-013536 // CNNVD: CNNVD-202207-2060 // NVD: CVE-2022-34047

CREDITS

Ahmed Alroky

Trust: 0.6

sources: CNNVD: CNNVD-202207-2060

SOURCES

db:VULMONid:CVE-2022-34047
db:JVNDBid:JVNDB-2022-013536
db:CNNVDid:CNNVD-202207-2060
db:NVDid:CVE-2022-34047

LAST UPDATE DATE

2024-08-14T15:42:21.266000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-34047date:2022-07-20T00:00:00
db:JVNDBid:JVNDB-2022-013536date:2023-09-08T08:28:00
db:CNNVDid:CNNVD-202207-2060date:2022-08-10T00:00:00
db:NVDid:CVE-2022-34047date:2022-10-06T19:05:15.797

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-34047date:2022-07-20T00:00:00
db:JVNDBid:JVNDB-2022-013536date:2023-09-08T00:00:00
db:CNNVDid:CNNVD-202207-2060date:2022-07-20T00:00:00
db:NVDid:CVE-2022-34047date:2022-07-20T17:15:08.570