Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Wavlink Panel - Unauthenticated Access

By kannthu

Vidoc logoVidoc Module

What is the "Wavlink Panel - Unauthenticated Access?"

The "Wavlink Panel - Unauthenticated Access" module is designed to detect a misconfiguration vulnerability in the Wavlink Panel software. This module targets routers that have the Wavlink Panel installed. The severity of this vulnerability is classified as high. The original author of this module is princechaddha.


If exploited, the misconfiguration vulnerability in the Wavlink Panel allows unauthorized access to the panel without any authentication requirements. This means that anyone can access and potentially manipulate the router's settings and configurations, posing a significant security risk.

How the module works?

The module works by sending an HTTP GET request to the "/wifi_base.shtml" path of the targeted router. It then applies several matching conditions to determine if the misconfiguration vulnerability exists:

- The response body must contain the HTML tag "<title>APP</title>". - The response body must match the regular expression "var passphraseKey12="(.*)";". - The response body must not contain the string "var passphraseKey12="";". - The response status code must be 200.

If all of these conditions are met, the module identifies the presence of the misconfiguration vulnerability in the Wavlink Panel.

Example HTTP request:

GET /wifi_base.shtml

Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: <title>APP</title>and
regex: var passphraseKey12="(.*)";and
NOT word: var passphraseKey12="";and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability