The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
References
Link | Resource |
---|---|
https://youtu.be/cSileV8YbsQ?t=655 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
19 Sep 2022, 13:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-287 | |
First Time |
Wavlink wn531g3
Wavlink wn531g3 Firmware Wavlink |
|
CPE | cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn531g3_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://youtu.be/cSileV8YbsQ?t=655 - Exploit, Third Party Advisory |
13 Sep 2022, 21:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-13 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-40622
Mitre link : CVE-2022-40622
CVE.ORG link : CVE-2022-40622
JSON object : View
Products Affected
wavlink
- wn531g3_firmware
- wn531g3