CVE-2020-12127

HIGH NUCLEI

Wavlink Wn530h4 Firmware - Missing Authentication

Title source: rule

Description

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

Nuclei Templates (1)

WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure

HIGHVERIFIEDby arafatansari

Shodan: http.html:"Wavlink" || http.html:"wavlink"

FOFA: body="wavlink"

References (2)

[Third Party Advisory] https://cerne.xyz/bugs/CVE-2020-12127

[Product, Vendor Advisory] https://www.wavlink.com/en_us/product/WL-WN530H4.html

Scores

CVSS v3 7.5

EPSS 0.1847

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-306

Status published

Products (1)

wavlink/wn530h4_firmware m30h4.v5030.190403

Published Oct 02, 2020

Tracked Since Feb 18, 2026