Wavlink AC3000 M33A8.V5030.210505
cpe:2.3:h:wavlink:jetstream_ac3000:*:*:*:*:*:*:*
- M33A8.V5030.210505
An information disclosure vulnerability exists in the testsave.sh script of the Wavlink AC3000 router, version M33A8.V5030.210505. It can be exploited by sending a specially crafted HTTP request, which the router's lighttpd server will process. The testsave.sh script, located in the '/www/cgi-bin' directory, is executed when the corresponding URL is accessed. The script outputs the contents of the '/var/log/messages' file, thereby disclosing sensitive information.
Exploitation of this vulnerability leads to unauthorized access to sensitive information, specifically data contained in the router's system log.
To reproduce this vulnerability, send an HTTP request to the Wavlink AC3000 router that targets the testsave.sh script in the '/www/cgi-bin' directory. The router's lighttpd server will execute the script, which will then return the contents of the '/var/log/messages' file as a downloadable attachment named 'syslog.txt'.
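For triaging other firmware images, the audit below lists CGI shell scripts in an extracted root filesystem that read files under '/var/log' and reports any download filename they set. It is an added example, not Wavlink's code or part of the original advisory. The function names, the uptime.sh script and both sample script bodies are constructed for illustration, since the real contents of testsave.sh are not shown on this page.

```shell
#!/bin/sh
# Added example: list CGI shell scripts in an extracted firmware tree that read
# files under /var/log, the behaviour the advisory describes for testsave.sh.

audit_cgi_dir() {
    cgi_dir="$1/www/cgi-bin"
    [ -d "$cgi_dir" ] || { echo "no www/cgi-bin under $1" >&2; return 2; }
    for script in "$cgi_dir"/*.sh; do
        [ -f "$script" ] || continue
        # Drop comment lines so a commented-out path is not reported.
        code=$(grep -v '^[[:space:]]*#' "$script" || true)
        logs=$(printf '%s\n' "$code" | grep -Eo '/var/log/[A-Za-z0-9._/-]+' | sort -u | tr '\n' ',')
        [ -n "$logs" ] || continue
        # Name offered to the browser when the script serves a download.
        name=$(printf '%s\n' "$code" | sed -n 's/.*filename="\{0,1\}\([A-Za-z0-9._-]*\).*/\1/p' | head -n 1)
        printf '%s reads=%s attachment=%s\n' "$(basename "$script")" "${logs%,}" "${name:-none}"
    done
}

# Constructed sample tree: script bodies are illustrative, not vendor code.
make_sample_rootfs() {
    root=$(mktemp -d)
    mkdir -p "$root/www/cgi-bin"
    cat > "$root/www/cgi-bin/testsave.sh" <<'EOF'
#!/bin/sh
echo "Content-Type: application/octet-stream"
echo "Content-Disposition: attachment; filename=syslog.txt"
echo ""
cat /var/log/messages
EOF
    cat > "$root/www/cgi-bin/uptime.sh" <<'EOF'
#!/bin/sh
# old debug: cat /var/log/messages
echo "Content-Type: text/plain"
echo ""
uptime
EOF
    echo "$root"
}

root=$(make_sample_rootfs)
audit_cgi_dir "$root"
rm -rf "$root"
```

Each reported script is a candidate for removal from the image or for an access restriction in the web server configuration.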