CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 29, 2022
Published Date: February 06, 2023
Last Updated: March 26, 2025
Vendor: Wavlink
Product: WL-WN533A8
Description: An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Score: 83.12% (Percentile: 99.19%) as of 2025-06-20

SSVC Information

Exploitation: none
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-06-17 00:00:00 UTC) Source

References

https://docs.google.com/document/d/1JgqpBYRxyU0WKDSqkvi4Yo0723k7mrIUeuH9i1eEs8U/edit?usp=sharing https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK_WN533A8.md

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-06-18 12:00:21 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-48164.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

December 29, 2022
CVE Published to Public

February 06, 2023
Detected by Nuclei

April 26, 2025
Added to KEVIntel

June 18, 2025