Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Wavlink Panel - Unauthenticated Access" module is designed to detect a misconfiguration vulnerability in the Wavlink Panel software. This module targets routers that have the Wavlink Panel installed. The severity of this vulnerability is classified as high. The original author of this module is princechaddha.
If exploited, the misconfiguration vulnerability in the Wavlink Panel allows unauthorized access to the panel without any authentication requirements. This means that anyone can access and potentially manipulate the router's settings and configurations, posing a significant security risk.
The module works by sending an HTTP GET request to the "/wifi_base.shtml" path of the targeted router. It then applies several matching conditions to determine if the misconfiguration vulnerability exists:
- The response body must contain the HTML tag "<title>APP</title>". - The response body must match the regular expression "var passphraseKey12="(.*)";". - The response body must not contain the string "var passphraseKey12="";". - The response status code must be 200.If all of these conditions are met, the module identifies the presence of the misconfiguration vulnerability in the Wavlink Panel.
Example HTTP request:
GET /wifi_base.shtml
Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.