← Back to CVEs
CVE-2022-40622
HIGH8.8
Description
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/13/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
wavlink:wn531g3wavlink:wn531g3_firmware
Weaknesses (CWE)
CWE-304CWE-287
References
https://youtu.be/cSileV8YbsQ?t=655(cve@rapid7.com)
https://youtu.be/cSileV8YbsQ?t=655(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.