Wavlink Panel - Unauthenticated Access

By kannthu

High
Vidoc Module
#exposure #wavlink #unauth #misconfig #router
Description

What is the "Wavlink Panel - Unauthenticated Access" module?

The "Wavlink Panel - Unauthenticated Access" module is designed to detect a misconfiguration vulnerability in the Wavlink Panel software. This module targets routers that have the Wavlink Panel installed. The severity of this vulnerability is classified as high. The original author of this module is princechaddha.

Impact

If exploited, the misconfiguration vulnerability in the Wavlink Panel allows unauthorized access to the panel without any authentication requirements. This means that anyone can access and potentially manipulate the router's settings and configurations, posing a significant security risk.

How does the module work?

The module works by sending an HTTP GET request to the "/wifi_base.shtml" path of the targeted router. It then applies several matching conditions to determine if the misconfiguration vulnerability exists:

- The response body must contain the HTML tag "<title>APP</title>".
- The response body must match the regular expression "var passphraseKey12="(.*)";".
- The response body must not contain the string "var passphraseKey12="";".
- The response status code must be 200.

If all of these conditions are met, the module identifies the presence of the misconfiguration vulnerability in the Wavlink Panel.

Example HTTP request:

GET /wifi_base.shtml

Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.
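The four matching conditions can be evaluated offline against a saved response, for example when triaging a finding on your own device. The following is an added example, not Vidoc's module code; the function names and the sample responses are constructed for illustration. It reports each condition separately, which shows why the negative word matcher is needed: the regular expression "(.*)" also matches an empty passphrase value.

```python
import re

# Literals taken from the module's matching conditions.
TITLE_WORD = "<title>APP</title>"
KEY_REGEX = re.compile(r'var passphraseKey12="(.*)";')
EMPTY_KEY_WORD = 'var passphraseKey12="";'


def matcher_results(status: int, body: str) -> dict:
    """Evaluate each of the module's four conditions separately."""
    return {
        "word_title": TITLE_WORD in body,
        "regex_key": KEY_REGEX.search(body) is not None,
        "not_word_empty_key": EMPTY_KEY_WORD not in body,
        "status_200": status == 200,
    }


def is_exposed(status: int, body: str) -> bool:
    """The conditions are joined with 'and', so all of them must hold."""
    return all(matcher_results(status, body).values())


def _page(key_line: str, title: str = "APP") -> str:
    """Build a constructed response body (not captured from a real device)."""
    return (f"<html><head><title>{title}</title><script>\n"
            f"{key_line}\n</script></head></html>")


# Constructed sample responses: (status code, body).
SAMPLES = {
    "key present": (200, _page('var passphraseKey12="example-psk";')),
    "key empty": (200, _page('var passphraseKey12="";')),
    "non-200": (302, ""),
    "other page": (200, _page('var x="1";', title="Login")),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        # Print only booleans, never the captured passphrase value.
        print(f"{name:12} exposed={is_exposed(status, body)} "
              f"{matcher_results(status, body)}")
```

Only the "key present" sample satisfies all four conditions; the "key empty" sample passes the regex but is rejected by the negative word matcher.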

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wifi_base.shtml
Matching conditions
word: <title>APP</title> and
regex: var passphraseKey12="(.*)"; and
NOT word: var passphraseKey12=""; and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability