CVE-2022-34047

HIGH NUCLEI

Wavlink WN530HG4 M30HG4.V5030.191116 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-34047. PoCs published by Ahmed Alroky. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit discloses the admin password of Wavlink WN530HG4 routers by accessing a specific URL that leaks the credentials in plaintext within the page source. No authentication is required, making it a trivial information disclosure vulnerability.

Description

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

Exploits (1)

exploitdb WORKING POC
by Ahmed Alroky · textwebappshardware
https://www.exploit-db.com/exploits/50991

This exploit discloses the admin password of Wavlink WN530HG4 routers by accessing a specific URL that leaks the credentials in plaintext within the page source. No authentication is required, making it a trivial information disclosure vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Wavlink WN530HG4 M30HG4.V5030.191116
No auth needed
Prerequisites: Network access to the router's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WAVLINK WN530HG4 - Improper Access Control
HIGHVERIFIEDby For3stCo1d
Shodan: http.title:"Wi-Fi APP Login" || http.html:"wn530hg4" || http.title:"wi-fi app login"
FOFA: body="wn530hg4" || title="wi-fi app login"

References (2)

Core 2
Core References

Scores

CVSS v3 7.5
EPSS 0.1655
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-668
Status published
Products (1)
wavlink/wl-wn530hg4_firmware m30hg4.v5030.191116
Published Jul 20, 2022
Tracked Since Feb 18, 2026