CVE-2020-10973

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Source: CVE-2020-10973