CVE-2020-37097
Information Disclosure in Edimax EW-7438RPn via wlencrypt_wiz.asp
Publication date: 2026-02-03
Last updated on: 2026-02-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | ew-7438rpn_mini_firmware | 1.13 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Edimax EW-7438RPn version 1.13 device. It is an information disclosure flaw where attackers can access the wlencrypt_wiz.asp file to retrieve sensitive WiFi network configuration details.
Specifically, the vulnerability allows attackers to obtain the WiFi network name (SSID) and the plaintext password stored in the device's configuration variables.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain unauthorized access to your WiFi network by retrieving the network name and plaintext password.
This can lead to unauthorized network access, potential interception of network traffic, and compromise of devices connected to the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know