CVE-2022-40621

HIGH

7.5

Beschreibung

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht9/13/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

wavlink:wn531g3wavlink:wn531g3_firmware

Schwachen (CWE)

CWE-294CWE-294

Referenzen

https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html(cve@rapid7.com)

https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.