CVE-2020-12127

Vulnerability

An information disclosure vulnerability exists in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 router running firmware version M30H4.V5030.190403 [1]. The endpoint does not require any authentication, allowing an attacker to retrieve the full router configuration, including cleartext login credentials, DNS settings, and other sensitive data [1].

Exploitation

An attacker can exploit this vulnerability by sending a direct HTTP request to the vulnerable endpoint (/cgi-bin/ExportAllSettings.sh) from any network-adjacent or remote position, without needing prior authentication, user interaction, or any special privileges [1]. No write access or race condition is required – the endpoint responds immediately with the settings file.

Impact

Successful exploitation leads to full disclosure of the router's settings, including cleartext login credentials (such as the administrator username and password), DNS server entries, and other configuration details [1]. This information can be used by an attacker to gain administrative access to the router, potentially enabling further attacks on the internal network or modification of router settings.

Mitigation

As of the publication date (2020-10-02), no patch or updated firmware has been released by WAVLINK to address this vulnerability [1]. Users are advised to restrict network access to the management interface, place the router behind a firewall, or consider replacing the device if no fix is provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the knowledge cutoff.