Login Sign Up

CVE-2022-34570

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in WAVLINK WN579 X3 routers allows attackers to access sensitive key information by visiting the messages.txt page without authentication. It affects users of these specific router models running vulnerable firmware versions. The information leak could expose cryptographic keys or other sensitive configuration data.

💻 Affected Systems

Products:
  • WAVLINK WN579 X3
Versions: M79X3.V5030.191012
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Wl Wn579x3 Firmware by Wavlink

View all CVEs affecting Wl Wn579x3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers obtain cryptographic keys enabling decryption of network traffic, authentication bypass, or complete device compromise leading to network infiltration.

🟠

Likely Case

Attackers gain access to sensitive configuration data, potentially enabling further attacks or information gathering about the network.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the router's web interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP access to the messages.txt page; no authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check WAVLINK website for firmware updates. If available, download and flash the latest firmware through the router's web interface.

🔧 Temporary Workarounds

Block web interface access

all

Restrict access to the router's web management interface using firewall rules

Disable remote management

all

Ensure remote management/administration is disabled in router settings

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments with strict firewall rules
  • Implement network monitoring for unauthorized access attempts to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Access http://[router-ip]/messages.txt in a web browser. If it returns sensitive key information, the device is vulnerable.

Check Version:

Check router web interface → System Status or About page for firmware version

Verify Fix Applied:

After firmware update, attempt to access messages.txt page. It should return 404 error or no sensitive data.

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /messages.txt from unauthorized IPs
  • Unusual access patterns to router management interface

Network Indicators:

  • External IPs accessing router's web interface on port 80/443
  • Traffic to /messages.txt endpoint

SIEM Query:

source="router_logs" AND (url="/messages.txt" OR status=200 AND user_agent NOT IN ["internal_monitoring"])

📊 Metadata

CVE ID: CVE-2022-34570
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-425
Published: July 25, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-34570, you might also want to check these:

CVE-2024-0204 9.8

This vulnerability allows an unauthenticated attacker to bypass authentication in Fortra's GoAnywher...

Same vulnerability type (CWE-425)
CVE-2021-36560 9.8

CVE-2021-36560 is an authentication bypass vulnerability in Phone Shop Sales Management System 1.0 t...

Same vulnerability type (CWE-425)
CVE-2019-12768 9.8

This vulnerability allows attackers to bypass authentication on D-Link DAP-1650 wireless range exten...

Same vulnerability type (CWE-425)