CVE-2023-30313
Description
An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Wavlink QUANTUM D2G routers contain a TCP hijacking vulnerability due to NAT port preservation and missing TCP window tracking, enabling denial of service.
Vulnerability
CVE-2023-30313 affects Wavlink QUANTUM D2G routers, stemming from weaknesses in NAT port preservation and reverse path validation. These flaws allow an off-path attacker to infer active TCP connections and manipulate NAT mappings, leading to session hijacking [1].
Exploitation
An attacker on the same network can detect TCP connections between a victim and an external server. By sending crafted packets, the attacker evicts the original NAT mapping and establishes a new one, which lets the attacker intercept server packets and obtain the connection's sequence numbers. The attack requires no authentication and can be carried out remotely from elsewhere on the local network [1].
Impact
Successful exploitation permits the attacker to forcibly close TCP connections, inject malicious data into plaintext traffic, or reroute server packets to the attacker. This results in denial of service or potential data manipulation. The attack is efficient, with high success rates across tested scenarios [1].
Mitigation
Wavlink has been notified and mitigation strategies have been suggested. Users should apply firmware updates if available, or consider disabling NAT features until a patch is released [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)