CVE-2022-40621

CVE-2022-40621: WAVLINK Quantum D4G (WN531G3) Pass-The-Hash

Vendor Wavlink
Product WN531G3
Weakness CWE-294
Published September 13, 2022
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

Key dates

02Disclosure timeline

September 13, 2022 CVE published
September 17, 2024 Record updated