OpenCVE

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wavlink	Wl-wn530hg4 Wl-wn530hg4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wavlink:wl-wn530hg4_firmware:m30hg4.v5030.201217:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wl-wn530hg4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.google.com/document/d/1zvbuu3Hkk3CAkojAivlUESvtHblHJNLJdpGOoNtk-Vo/edit?usp=sharing
https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK%20WN530HG4.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-06T00:00:00

Updated: 2024-08-03T15:02:36.672Z

Reserved: 2022-12-29T00:00:00

Link: CVE-2022-48166

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-06T22:15:09.553

Modified: 2024-11-21T07:32:54.883

Link: CVE-2022-48166

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wl-wn530hg4_firmware:m30hg4.v5030.201217:*:*:*:*:*:*:*", "matchCriteriaId": "50CAB890-80DF-418C-B352-C72D49328995", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wl-wn530hg4:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C560108-445A-41BB-8D93-7FF5261FF54A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials."}, {"lang": "es", "value": "Un problema de control de acceso en Wavlink WL-WN530HG4 M30HG4.V5030.201217 permite a atacantes no autenticados descargar datos de configuraci\u00f3n y archivos de registro y obtener credenciales de administrador."}], "id": "CVE-2022-48166", "lastModified": "2024-11-21T07:32:54.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-06T22:15:09.553", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://docs.google.com/document/d/1zvbuu3Hkk3CAkojAivlUESvtHblHJNLJdpGOoNtk-Vo/edit?usp=sharing"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK%20WN530HG4.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://docs.google.com/document/d/1zvbuu3Hkk3CAkojAivlUESvtHblHJNLJdpGOoNtk-Vo/edit?usp=sharing"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK%20WN530HG4.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}