Information Disclosure in WAVLINK WN530H4
This vulnerability was an Information Disclosure vulnerability in the WAVLINK WN530H4 router.
There was sensitive information disclosure located at the endpoint /cgi-bin/ExportAllSettings.sh. In this information disclosure, an attacker could download all of the router settings, and even gain access to the username and password that is set.
The file was a key-value pair with all of the router settings. This seemed to be an intended feature from the router developers, however, the authentication bypass vulnerability caused this endpoint to be exposed. While the information disclosure was only possible due to incorrect access controls, information (such as cleartext passwords) was exposed that should have been better protected.
Here is a sample of the data returned by that endpoint:
#The following line must not be removed. ##RT2860CONF Default WebInit=1 LOGO1=images/WAVLINK-logo.png LOGO2=images/WAVLINK-logo.gif HostName=WAVLINK Login=admin2860 Password=Cerne123! Login_def=admin Password_def=admin ...omitted for brevity...
CHRIS CERNE
Christopher Cerne is a Senior Security Consultant at Stratum Security with over a decade of experience in technology. His passion for computers began in elementary school, evolving into a career focused on identifying security issues in code. After studying embedded device security at Virginia Tech, Christopher now specializes in conducting security reviews and threat modeling for externally facing applications.
ConnectMade with ❤️ by Chris Cerne © 2025