var-202005-0094
Vulnerability from variot
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3. Wavlink WL-WN530HG4 Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0094",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn530hg4",
"scope": "eq",
"trust": 1.0,
"vendor": "wavlink",
"version": "m30hg4.v5030.191116"
},
{
"model": "wn531g3",
"scope": "eq",
"trust": 1.0,
"vendor": "wavlink",
"version": null
},
{
"model": "wn572hg3",
"scope": "eq",
"trust": 1.0,
"vendor": "wavlink",
"version": null
},
{
"model": "wl-wn530hg4",
"scope": "eq",
"trust": 0.8,
"vendor": "wavlink",
"version": "m30hg4.v5030.191116"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wavlink:wl-wn530hg4_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
}
]
},
"cve": "CVE-2020-10972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10972",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005164",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10972",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005164",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10972",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005164",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10972",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-272"
},
{
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3. Wavlink WL-WN530HG4 Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "VULMON",
"id": "CVE-2020-10972"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10972",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47951",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-272",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-10972",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-272"
},
{
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"id": "VAR-202005-0094",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2125
},
"last_update_date": "2024-11-23T23:04:24.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wavlink.com"
},
{
"title": "CVE",
"trust": 0.1,
"url": "https://github.com/sudo-jtcsec/CVE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.8
},
{
"problemtype": "CWE-306",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://github.com/sudo-jtcsec/cve/blob/master/cve-2020-10972"
},
{
"trust": 1.7,
"url": "https://github.com/sudo-jtcsec/nyra"
},
{
"trust": 1.7,
"url": "https://github.com/sudo-jtcsec/cve/blob/master/cve-2020-10972-affected_devices"
},
{
"trust": 1.7,
"url": "https://github.com/roni-carta/nyra"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10972"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10972"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47951"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sudo-jtcsec/cve"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-272"
},
{
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-272"
},
{
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"date": "2020-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-272"
},
{
"date": "2020-05-07T18:15:11.257000",
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10972"
},
{
"date": "2020-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005164"
},
{
"date": "2020-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-272"
},
{
"date": "2024-11-21T04:56:29.260000",
"db": "NVD",
"id": "CVE-2020-10972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-272"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wavlink WL-WN530HG4 Inadequate protection of credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005164"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-272"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.