CVE-2022-40622

CVE-2022-40622: WAVLINK Quantum D4G (WN531G3) Session Management by IP Address

Vendor: Wavlink
Product: WN531G3
Weakness: CWE-304
Published: September 13, 2022
Last update: September 16, 2024

What the vulnerability does

01 Description

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged-in administrator, session takeover is possible.
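
The weakness described above, contrasted with a token-based session check, as an added example that is not the vendor's firmware code. The class names, the `same_nat_results` helper and the sample address are hypothetical and constructed for illustration.

```python
import hmac
import secrets

NAT_IP = "203.0.113.10"  # constructed address (TEST-NET-3), shared by two clients


class IpKeyedSessions:
    """Flawed design from the description: the source IP is the only session key."""
    def __init__(self):
        self._admin_ips = set()

    def login(self, src_ip):
        self._admin_ips.add(src_ip)   # no token is issued
        return None

    def is_authenticated(self, src_ip, cookie=None):
        # Every request arriving from a logged-in IP is treated as the admin.
        return src_ip in self._admin_ips


class TokenSessions:
    """Hardened form: a random per-login token identifies the session."""
    def __init__(self):
        self._tokens = {}             # token -> source IP recorded at login

    def login(self, src_ip):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._tokens[token] = src_ip
        return token                  # delivered to the browser as a cookie

    def is_authenticated(self, src_ip, cookie=None):
        if not cookie:
            return False
        for token, ip in self._tokens.items():
            # Constant-time comparison of the presented and stored tokens.
            if hmac.compare_digest(token.encode(), cookie.encode()):
                return ip == src_ip   # IP is an extra check, never the identity
        return False


def same_nat_results(store):
    """Admin logs in; a second client behind the same NAT sends no cookie."""
    cookie = store.login(NAT_IP)
    admin_ok = store.is_authenticated(NAT_IP, cookie)
    other_ok = store.is_authenticated(NAT_IP, None)
    return admin_ok, other_ok


if __name__ == "__main__":
    print("IP-keyed   :", same_nat_results(IpKeyedSessions()))
    print("Token-based:", same_nat_results(TokenSessions()))
```

With the IP-keyed store both clients are accepted as the administrator; with the token store only the client holding the issued token is.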

Key dates

02 Disclosure timeline

September 13, 2022: CVE published
September 16, 2024: Record updated