CVE-2022-44356
Description
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated attackers can download configuration and log files from WAVLINK Quantum D4G routers, potentially exposing admin credentials.
Vulnerability
WAVLINK Quantum D4G (WL-WN531G3) routers running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 contain an access control vulnerability that allows unauthenticated attackers to download configuration data and log files. The issue lies in insufficient authentication checks on endpoints serving these files. [1]
Exploitation
An attacker with network access to the affected device can directly retrieve configuration and log files without any authentication. The exact endpoints are not publicly disclosed, but a proof-of-concept exists. [1]
Impact
Successful exploitation enables the attacker to download sensitive data, including configuration settings and log files, which may contain admin credentials. This can lead to full compromise of the router and the network it serves. [1]
Mitigation
As of publication, no patched firmware version has been released by WAVLINK. The only mitigation is to restrict network access to the device, such as placing it behind a firewall or disabling remote management. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: M31G3.V5030.201204, M31G3.V5030.200325
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.