Vulnerabilites related to WAVLINK - WN531G3
CVE-2022-40623 (GCVE-0-2022-40623)
Vulnerability from cvelistv5
Published
2022-09-13 20:35
Modified
2024-09-17 04:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/cSileV8YbsQ?t=1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN531G3",
"vendor": "WAVLINK",
"versions": [
{
"lessThanOrEqual": "M31G3.V5030.200325",
"status": "affected",
"version": "M31G3.V5030.200325",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corey Hartman"
}
],
"datePublic": "2022-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T20:35:13",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/cSileV8YbsQ?t=1028"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WAVLINK Quantum D4G (WN531G3) CSRF",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-08-02T14:00:00.000Z",
"ID": "CVE-2022-40623",
"STATE": "PUBLIC",
"TITLE": "WAVLINK Quantum D4G (WN531G3) CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN531G3",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "M31G3.V5030.200325",
"version_value": "M31G3.V5030.200325"
}
]
}
}
]
},
"vendor_name": "WAVLINK"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Corey Hartman"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/cSileV8YbsQ?t=1028",
"refsource": "MISC",
"url": "https://youtu.be/cSileV8YbsQ?t=1028"
}
]
},
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-40623",
"datePublished": "2022-09-13T20:35:13.734432Z",
"dateReserved": "2022-09-12T00:00:00",
"dateUpdated": "2024-09-17T04:25:38.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40621 (GCVE-0-2022-40621)
Vulnerability from cvelistv5
Published
2022-09-13 20:35
Modified
2024-09-17 02:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Summary
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN531G3",
"vendor": "WAVLINK",
"versions": [
{
"lessThanOrEqual": "M31G3.V5030.200325",
"status": "affected",
"version": "M31G3.V5030.200325",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corey Hartman"
}
],
"datePublic": "2022-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T20:35:11",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WAVLINK Quantum D4G (WN531G3) Pass-The-Hash",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-07-05T14:00:00.000Z",
"ID": "CVE-2022-40621",
"STATE": "PUBLIC",
"TITLE": "WAVLINK Quantum D4G (WN531G3) Pass-The-Hash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN531G3",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "M31G3.V5030.200325",
"version_value": "M31G3.V5030.200325"
}
]
}
}
]
},
"vendor_name": "WAVLINK"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Corey Hartman"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294 Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html",
"refsource": "MISC",
"url": "https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html"
}
]
},
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-40621",
"datePublished": "2022-09-13T20:35:12.006313Z",
"dateReserved": "2022-09-12T00:00:00",
"dateUpdated": "2024-09-17T02:01:24.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40622 (GCVE-0-2022-40622)
Vulnerability from cvelistv5
Published
2022-09-13 20:35
Modified
2024-09-16 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-304 - Missing Critical Step in Authentication
Summary
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/cSileV8YbsQ?t=655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN531G3",
"vendor": "WAVLINK",
"versions": [
{
"lessThanOrEqual": "M31G3.V5030.200325",
"status": "affected",
"version": "M31G3.V5030.200325",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Corey Hartman"
}
],
"datePublic": "2022-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator\u0027s, or is behind the same NAT as the logged in administrator, session takeover is possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304 Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T20:35:12",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/cSileV8YbsQ?t=655"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WAVLINK Quantum D4G (WN531G3) Session Management by IP Address",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-08-02T14:00:00.000Z",
"ID": "CVE-2022-40622",
"STATE": "PUBLIC",
"TITLE": "WAVLINK Quantum D4G (WN531G3) Session Management by IP Address"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN531G3",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "M31G3.V5030.200325",
"version_value": "M31G3.V5030.200325"
}
]
}
}
]
},
"vendor_name": "WAVLINK"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Corey Hartman"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator\u0027s, or is behind the same NAT as the logged in administrator, session takeover is possible."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-304 Missing Critical Step in Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/cSileV8YbsQ?t=655",
"refsource": "MISC",
"url": "https://youtu.be/cSileV8YbsQ?t=655"
}
]
},
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-40622",
"datePublished": "2022-09-13T20:35:12.848865Z",
"dateReserved": "2022-09-12T00:00:00",
"dateUpdated": "2024-09-16T16:54:00.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}