Login Sign Up

CVE-2021-44259

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows remote attackers to access the 'wx.html' page on WAVLINK AC1200 routers without authentication, granting them friend-level access to the device. This affects users running the vulnerable firmware version on these routers, potentially exposing device management functions to unauthorized parties.

💻 Affected Systems

Products:
  • WAVLINK AC1200 router
Versions: WAVLINK-A42W-1.27.6-20180418
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Wl Wn531g3 Firmware by Wavlink

View all CVEs affecting Wl Wn531g3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized users gain administrative control over the router, enabling network traffic interception, device reconfiguration, or installation of persistent malware.

🟠

Likely Case

Attackers access device information and limited management functions, potentially enabling network reconnaissance or further exploitation.

🟢

If Mitigated

No impact if proper network segmentation and access controls prevent external access to the router's management interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only direct HTTP access to the vulnerable page without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

Check vendor website for firmware updates. If available, download latest firmware and apply through router admin interface.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface from untrusted networks

Access Control Lists

linux

Restrict access to router management IP/port to trusted IPs only

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Disable remote management and ensure router admin interface is only accessible from internal network
  • Implement network monitoring for unauthorized access attempts to router management interface

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[router_ip]/wx.html without authentication. If page loads, device is vulnerable.

Check Version:

Check router web interface or use nmap/router fingerprinting to identify firmware version

Verify Fix Applied:

After applying workarounds, verify unauthorized access to /wx.html is blocked or requires authentication.

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /wx.html from unauthorized IP addresses
  • Failed authentication attempts followed by successful /wx.html access

Network Indicators:

  • Unusual HTTP traffic to router management port from external IPs
  • Traffic patterns suggesting router configuration changes

SIEM Query:

source_ip NOT IN trusted_networks AND http_request_uri = "/wx.html" AND http_response_code = 200

📊 Metadata

CVE ID: CVE-2021-44259
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-306
Published: March 17, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-44259, you might also want to check these:

CVE-2025-32433 10.0

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated r...

Same vulnerability type (CWE-306)
CVE-2026-23693 10.0

The ElementsKit Lite WordPress plugin versions before 3.7.9 expose an unauthenticated REST endpoint ...

Same vulnerability type (CWE-306)
CVE-2025-58083 10.0

The General Industrial Controls Lynx+ Gateway has a critical authentication bypass vulnerability in ...

Same vulnerability type (CWE-306)