CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-40622

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://youtu.be/cSileV8YbsQ?t=655
https://youtu.be/cSileV8YbsQ?t=655

Products affected by CVE-2022-40622

Wavlink » Wn531g3 » Version: N/A

cpe:2.3:h:wavlink:wn531g3:-
Wavlink » Wn531g3 Firmware » Version: N/A

cpe:2.3:o:wavlink:wn531g3_firmware:-
Wavlink » Wn531g3 Firmware » Version: m31g3.v5030.200325

cpe:2.3:o:wavlink:wn531g3_firmware:m31g3.v5030.200325

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-40622

Products

Pricing

Contact Us