CVE-2020-12127
HIGH NUCLEIWAVLINK WN530H4 M30H4.V5030.190403 - Unauthenticated Information Disclosure via ExportAllSettings.sh Endpoint
Title source: llmExploitation Summary
CVE-2020-12127 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
Nuclei Templates (1)
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
HIGHVERIFIEDby arafatansari
Shodan:
http.html:"Wavlink" || http.html:"wavlink"
FOFA:
body="wavlink"
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://www.wavlink.com/en_us/product/WL-WN530H4.html
Third Party Advisory x_refsource_misc
https://cerne.xyz/bugs/CVE-2020-12127
Scores
CVSS v3
7.5
EPSS
0.0644
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
wavlink/wn530h4_firmware
m30h4.v5030.190403
Published
Oct 02, 2020
Tracked Since
Feb 18, 2026