CVE-2020-10972

high

Description

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3

References

Advisories
More

https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices

https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972

https://github.com/Roni-Carta/nyra

https://github.com/sudo-jtcsec/Nyra

Details

Source: Mitre, NVD

Published: 2020-05-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00305