Back to KEVs

CVE-2020-13117

Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.

Basic Information

CVE State: PUBLISHED
Reserved Date: May 16, 2020
Published Date: February 09, 2021
Last Updated: August 04, 2024
Vendor: Wavlink
Product: WN575A4 & WN579X3
Description: Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

Score: 92.97% (Percentile: 99.76%) as of 2025-06-14

Exploit Status

Exploited in the Wild: Yes (2025-05-27 00:00:00 UTC) Source

References

https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-05-28 12:00:41 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-13117.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

May 16, 2020
CVE Published to Public

February 09, 2021
Detected by Nuclei

April 26, 2025
Added to KEVIntel

May 28, 2025