CVE-2022-48164
Description
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated access to /cgi-bin/ExportLogs.sh on Wavlink WL-WN533A8 (M33A8.V5030.190716) exposes configuration and admin credentials.
Vulnerability
An access control issue exists in the /cgi-bin/ExportLogs.sh endpoint on Wavlink WL-WN533A8 devices running firmware version M33A8.V5030.190716. This endpoint does not require authentication, allowing any unauthenticated attacker to retrieve the device's configuration data and log files, which include admin credentials.
Exploitation
An attacker can exploit this vulnerability by sending a simple HTTP GET request to /cgi-bin/ExportLogs.sh from any network-accessible position. No authentication, user interaction, or special privileges are required. The endpoint returns the sensitive data directly in the response.
Impact
Successful exploitation allows the attacker to obtain the device's admin credentials, granting full administrative control over the device. This leads to complete compromise of confidentiality (exposure of configuration and logs) and integrity (ability to modify settings), and may enable further attacks on internal networks.
Mitigation
No official patch or mitigation has been disclosed in the available reference [1]. Users should monitor the vendor's support channels for firmware updates and consider restricting network access to the device until a patch is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.