CVE-2022-40622 — HIGH (8.8)

Q: How severe is CVE-2022-40622?

CVE-2022-40622 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-40622?

Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wn531G3 Firmware, Wavlink Wn531G3.

Vulnerability Description

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wavlink	Wn531G3 Firmware	<= m31g3.v5030.200325
Wavlink	Wn531G3	-

Related Weaknesses (CWE)

CWE-287 CWE-304

References

https://youtu.be/cSileV8YbsQ?t=655ExploitThird Party Advisory
https://youtu.be/cSileV8YbsQ?t=655ExploitThird Party Advisory

FAQ

What is CVE-2022-40622?

CVE-2022-40622 is a vulnerability with a CVSS score of 8.8 (HIGH). The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address...

How severe is CVE-2022-40622?

CVE-2022-40622 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40622?

Check the references section above for vendor advisories and patch information. Affected products include: Wavlink Wn531G3 Firmware, Wavlink Wn531G3.