CVE-2020-10974 - Vulnerability Details

Vendors	Products
Wavlink	Jetstream Ac3000 Jetstream Ac3000 Firmware Jetstream Erac3000 Jetstream Erac3000 Firmware Wl-wn575a3 Wl-wn575a3 Firmware Wl-wn579g3 Wl-wn579g3 Firmware Wn530h4 Wn530h4 Firmware Wn531a6 Wn531a6 Firmware Wn535g3 Wn535g3 Firmware Wn572hg3 Wn572hg3 Firmware Wn575a4 Wn575a4 Firmware Wn578a2 Wn578a2 Firmware Wn579g3 Wn579g3 Firmware Wn579x3 Wn579x3 Firmware Wn57x93 Wn57x93 Firmware

Link	Providers
https://github.com/Roni-Carta/nyra
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974
https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices
https://github.com/sudo-jtcsec/Nyra

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-04T20:12:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sudo-jtcsec/Nyra"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Roni-Carta/nyra"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10974", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974", "refsource": "MISC", "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"}, {"name": "https://github.com/sudo-jtcsec/Nyra", "refsource": "MISC", "url": "https://github.com/sudo-jtcsec/Nyra"}, {"name": "https://github.com/Roni-Carta/nyra", "refsource": "MISC", "url": "https://github.com/Roni-Carta/nyra"}, {"name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices", "refsource": "MISC", "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.401Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sudo-jtcsec/Nyra"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Roni-Carta/nyra"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10974", "datePublished": "2020-05-07T17:42:57", "dateReserved": "2020-03-26T00:00:00", "dateUpdated": "2024-08-04T11:21:14.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-12-04T20:12:37 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/sudo-jtcsec/Nyra (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/Roni-Carta/nyra (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2020-10974 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 (string)

refsource : MISC (string)

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 (string)

}

1 : { »

name : https://github.com/sudo-jtcsec/Nyra (string)

refsource : MISC (string)

url : https://github.com/sudo-jtcsec/Nyra (string)

}

2 : { »

name : https://github.com/Roni-Carta/nyra (string)

refsource : MISC (string)

url : https://github.com/Roni-Carta/nyra (string)

}

3 : { »

name : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices (string)

refsource : MISC (string)

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T11:21:14.401Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/sudo-jtcsec/Nyra (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/Roni-Carta/nyra (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2020-10974 (string)

datePublished : 2020-05-07T17:42:57 (string)

dateReserved : 2020-03-26T00:00:00 (string)

dateUpdated : 2024-08-04T11:21:14.401Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wl-wn575a3_firmware:rpt75a3.v4300.180801:*:*:*:*:*:*:*", "matchCriteriaId": "E5F36CD2-95F5-4EEA-AFA7-F7D454B54500", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wl-wn575a3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E486B15E-04DA-4DF6-A1A9-A37171131F44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wl-wn579g3_firmware:m79x3.v5030.180719:*:*:*:*:*:*:*", "matchCriteriaId": "DA5B5133-6117-46F5-952B-83E07431103A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wl-wn579g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A953535F-7F4A-4EE5-B410-7650FC522E47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn531a6_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DD8ACD6-6E1A-4E10-BDE4-A1ECC7F42D05", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn531a6:-:*:*:*:*:*:*:*", "matchCriteriaId": "E958D7CA-F423-4698-8C17-4FD4D601EE0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4E9A604-7475-4035-B116-A739A4FA6371", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EEDA6D9-FD39-4123-BDF8-ED1D9C135993", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn57x93_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EE1B149-335C-4111-BD84-346E7B53F91F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn57x93:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFB659B8-9D39-4FD7-BF22-D8324C81C027", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "442C07D4-A5F1-4BD5-9727-523D57DB18F8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*", "matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn575a4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACB35DB2-9E80-44F8-90F1-D347E288960C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn575a4:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA899EFB-5557-41A6-810B-A87161556798", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn578a2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F99776B-4224-45CA-80DA-ABF0F6FBDC96", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn578a2:-:*:*:*:*:*:*:*", "matchCriteriaId": "251C549D-78A7-4A3D-8F9C-2737FC2E1561", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn579g3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "58403BD0-AE29-4A3F-9E9E-69B94AEDDAF3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn579g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AE4FEE5-D863-469E-B83A-53E250B55433", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn579x3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "49FB3F17-942A-4836-86A0-84FD8352EEE8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn579x3:-:*:*:*:*:*:*:*", "matchCriteriaId": "451F26A1-FE00-4894-9199-2C86CD6EE2C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:jetstream_ac3000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DC80FB1-E311-418E-9BBF-CECC47E0516C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:jetstream_ac3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7E3DC7-45D4-413A-8842-E5247F39988E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:jetstream_erac3000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "31E165AC-3CBC-46AA-A495-1E9633C09BC7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:jetstream_erac3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "518EA6B0-FDAE-45F0-B18B-2C15C72EDF4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos que afecta a una funcionalidad backup. Una petici\u00f3n POST creada devuelve la configuraci\u00f3n actual del dispositivo en texto plano, incluida la contrase\u00f1a del administrador. No es requerida una autenticaci\u00f3n. Dispositivos afectados: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, y Jetstream AC3000/ERAC3000"}], "id": "CVE-2020-10974", "lastModified": "2024-11-21T04:56:29.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-07T18:15:11.333", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable", "Third Party Advisory"], "url": "https://github.com/Roni-Carta/nyra"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/sudo-jtcsec/Nyra"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Third Party Advisory"], "url": "https://github.com/Roni-Carta/nyra"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/sudo-jtcsec/Nyra"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wl-wn575a3_firmware:rpt75a3.v4300.180801:*:*:*:*:*:*:* (string)

matchCriteriaId : E5F36CD2-95F5-4EEA-AFA7-F7D454B54500 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wl-wn575a3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E486B15E-04DA-4DF6-A1A9-A37171131F44 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wl-wn579g3_firmware:m79x3.v5030.180719:*:*:*:*:*:*:* (string)

matchCriteriaId : DA5B5133-6117-46F5-952B-83E07431103A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wl-wn579g3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A953535F-7F4A-4EE5-B410-7650FC522E47 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn531a6_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2DD8ACD6-6E1A-4E10-BDE4-A1ECC7F42D05 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn531a6:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E958D7CA-F423-4698-8C17-4FD4D601EE0B (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C4E9A604-7475-4035-B116-A739A4FA6371 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn535g3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B8F9E9ED-DDDC-4E7D-8179-F497AFD5EF97 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn530h4_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4EEDA6D9-FD39-4123-BDF8-ED1D9C135993 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn57x93_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7EE1B149-335C-4111-BD84-346E7B53F91F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn57x93:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DFB659B8-9D39-4FD7-BF22-D8324C81C027 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn572hg3_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 442C07D4-A5F1-4BD5-9727-523D57DB18F8 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D85484EB-22F0-4140-9B9F-AC5EB24159DA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn575a4_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : ACB35DB2-9E80-44F8-90F1-D347E288960C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn575a4:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CA899EFB-5557-41A6-810B-A87161556798 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn578a2_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0F99776B-4224-45CA-80DA-ABF0F6FBDC96 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn578a2:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 251C549D-78A7-4A3D-8F9C-2737FC2E1561 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn579g3_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 58403BD0-AE29-4A3F-9E9E-69B94AEDDAF3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn579g3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1AE4FEE5-D863-469E-B83A-53E250B55433 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:wn579x3_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 49FB3F17-942A-4836-86A0-84FD8352EEE8 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:wn579x3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 451F26A1-FE00-4894-9199-2C86CD6EE2C1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:jetstream_ac3000_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0DC80FB1-E311-418E-9BBF-CECC47E0516C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:jetstream_ac3000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D7E3DC7-45D4-413A-8842-E5247F39988E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:wavlink:jetstream_erac3000_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 31E165AC-3CBC-46AA-A495-1E9633C09BC7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:wavlink:jetstream_erac3000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 518EA6B0-FDAE-45F0-B18B-2C15C72EDF4F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 (string)

}

1 : { »

lang : es (string)

value : Se detectó un problema en los dispositivos que afecta a una funcionalidad backup. Una petición POST creada devuelve la configuración actual del dispositivo en texto plano, incluida la contraseña del administrador. No es requerida una autenticación. Dispositivos afectados: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, y Jetstream AC3000/ERAC3000 (string)

}

]

id : CVE-2020-10974 (string)

lastModified : 2024-11-21T04:56:29.563 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-05-07T18:15:11.333 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Not Applicable (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Roni-Carta/nyra (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

]

url : https://github.com/sudo-jtcsec/Nyra (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

1 : Third Party Advisory (string)

]

url : https://github.com/Roni-Carta/nyra (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : https://github.com/sudo-jtcsec/Nyra (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-306 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object