An issue was discovered in Wavlink WN579G3,Firmware package version M35G3R.V5030.180927,affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
WAVLINK WN579 G3
When viewing the /cgi-bin/ExportAllSettings.sh file, it was not properly authorized by the system.
Directly construct the url link as:
http://xxx.xxx.xxx.xxx/cgi-bin/ExportAllSettings.sh
Penwei.Huang