CVE-2022-40622

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
References
Link Resource
https://youtu.be/cSileV8YbsQ?t=655 Exploit Third Party Advisory
Configurations

Configuration 1


Information

Published : 2022-09-13 09:15

Updated : 2022-09-19 01:55


NVD link : CVE-2022-40622

Mitre link : CVE-2022-40622

Products Affected
CWE