Lucene search

[email protected]CVE-2022-40623

HistorySep 13, 2022 - 9:15 p.m.

CVE-2022-40623

2022-09-1321:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-40623

vulnerability

wavlink quantum d4g

wn531g3

firmware

remote execution

unauthenticated command

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.

Affected configurations

NVD

Node

wavlinkwn531g3_firmwareRange≤m31g3.v5030.200325

AND

wavlinkwn531g3Match-

CPENameOperatorVersion
wavlink:wn531g3_firmwarewavlink wn531g3 firmwarelem31g3.v5030.200325

CPE	Name	Operator	Version
wavlink:wn531g3_firmware	wavlink wn531g3 firmware	le	m31g3.v5030.200325

CNA Affected

[
  {
    "product": "WN531G3",
    "vendor": "WAVLINK",
    "versions": [
      {
        "lessThanOrEqual": "M31G3.V5030.200325",
        "status": "affected",
        "version": "M31G3.V5030.200325",
        "versionType": "custom"
      }
    ]
  }
]

References

youtu.be/cSileV8YbsQ?t=1028

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2022-40623

nvd2 prion2 cvelist2 cve1