Unrated severityNVD Advisory· Published Sep 13, 2022· Updated Sep 17, 2024

WAVLINK Quantum D4G (WN531G3) Pass-The-Hash

CVE-2022-40621

Description

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

Affected products

Wavlink/Quantum D4G (WN531G3)llm-create
Range: <= M31G3.V5030.200325
Wavlink/WL-WN531G3cpe-rescue
Range: M31G3.V5030.200325

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000