CVE-2022-40622

Exploit

EPSS 0.19%
Veröffentlicht 13.09.2022 21:15:10
Zuletzt bearbeitet 21.11.2024 07:21:43
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wavlink ≫ Wn531g3 Firmware Version <= m31g3.v5030.200325

Wavlink ≫ Wn531g3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.412

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-304 Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

https://youtu.be/cSileV8YbsQ?t=655

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-40622

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40622

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40622

EUVD