Unrated severityNVD Advisory· Published Sep 13, 2022· Updated Sep 16, 2024

WAVLINK Quantum D4G (WN531G3) Session Management by IP Address

CVE-2022-40622

Description

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

Affected products

Wavlink/Quantum D4G (WN531G3)llm-fuzzy
Range: = M31G3.V5030.200325
Wavlink/WL-WN531G3cpe-rescue
Range: M31G3.V5030.200325

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

youtu.be/cSileV8YbsQmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000