CVE-2022-40622
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2022-40622. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.
Available Exploits
Related News
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: September 14, 2022, Modified: September 20, 2022