CVE-2020-13117

CRITICAL EXPLOITED NUCLEI

Wavlink <2020-05-15 - Command Injection

Title source: llm

Description

Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.

Nuclei Templates (1)

Wavlink Multiple AP - Remote Command Injection

CRITICALVERIFIEDby gy741

Shodan: http.title:"Wi-Fi APP Login"

References (2)

[Various Sources] https://github.com/ice-wzl/Wavlink-WN530G3A-Cmd-Injection/blob/main/README.md

View Writeup ZIP pw:eip

[Exploit, Third Party Advisory] https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html

Scores

CVSS v3 9.8

EPSS 0.9387

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-11

CWE

CWE-77

Status published

Products (2)

wavlink/wn575a4_firmware < 2020-05-15

wavlink/wn579x3_firmware < 2020-05-15

Published Feb 09, 2021

Tracked Since Feb 18, 2026