Wavlink WL-WN578W2 Unverified Password Change Vulnerability

A vulnerability allowing unverified password changes has been identified in the Wavlink WL-WN578W2 wireless range extender, specifically in the firmware version M78W2_V221110. The issue resides in the file '/sysinit.html', where the 'newpass' and 'confpass' parameters can be manipulated to change the admin password without any authentication. This vulnerability can be exploited remotely, potentially leading to unauthorized access and control over the device.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, enabling attackers to gain full control of the affected device.

Reproduction

To reproduce this vulnerability, access the '/sysinit.html' endpoint without authentication. Once there, submit a request with the 'newpass' and 'confpass' parameters to change the admin password. After the password is changed, log in through the 'login.html' page using the new password to confirm the change was successful.

Remediation

It is recommended to implement firewall rules to block unauthorized access to the vulnerable endpoint.