CRITICAL🇵🇱 Wersja polska

CVE-2024-54747

CVSS 9.8v3.1pub. 2024-12-06upd. 2025-10-03

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

🤖 AI Analysis
How it works

In the firmware of the Wavlink WN531P3 device (version 202383), the /etc/shadow file contains a hardcoded password for the root account. Since the password is embedded in the software and identical across all devices in this series, an attacker who discovers it can log in as root on any vulnerable device. No user interaction or prior privileges are required.

Impact

The attacker gains full administrative (root) access to the device, enabling them to take control of its configuration, network, and potentially the entire infrastructure that the device has access to.

Mitigation & patch

Apply patches available from the manufacturer according to the references. As immediate remedial measures, it is recommended to restrict device access only to trusted networks and monitor login attempts to the root account.

Who is affected

Wavlink WN531P3 with firmware version 202383

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wavlink Wn531p3

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn531p3 Firmware

    OS
    Wavlink
    202383
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-35518CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and U...

CVE-2022-35519CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which...

CVE-2022-35520CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is...

CVE-2022-35521CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManage...

CVE-2022-35522CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp...