CVE-2020-12124

CRITICAL EXPLOITED NUCLEI

Wavlink Wn530h4 Firmware - OS Command Injection

Title source: rule

Description

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

Exploits (2)

nomisec WORKING POC

by Scorpion-Security-Labs · remote

https://github.com/Scorpion-Security-Labs/CVE-2020-12124

View Code ZIP pw:eip

nomisec WORKING POC

by db44k · remote

https://github.com/db44k/CVE-2020-12124

View Code ZIP pw:eip

Nuclei Templates (1)

WAVLINK WN530H4 live_api.cgi - Command Injection

CRITICALby DhiyaneshDK

Shodan: http.html:"wavlink"

FOFA: body="wavlink"

References (2)

[Third Party Advisory] https://cerne.xyz/bugs/CVE-2020-12124

[Product, Vendor Advisory] https://www.wavlink.com/en_us/product/WL-WN530H4.html

Scores

CVSS v3 9.8

EPSS 0.9229

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-03-30

CWE

CWE-78

Status published

Products (1)

wavlink/wn530h4_firmware m30h4.v5030.190403

Published Oct 02, 2020

Tracked Since Feb 18, 2026