Lucene search

Rapid7CVE-2022-40623

HistorySep 13, 2022 - 9:15 p.m.

CVE-2022-40623

2022-09-1321:15:10

CWE-352

rapid7

web.nvd.nist.gov

cve-2022-40623

vulnerability

wavlink quantum d4g

wn531g3

firmware

remote execution

unauthenticated command

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.

Affected configurations

Nvd

Node

wavlinkwn531g3_firmwareRange≤m31g3.v5030.200325

AND

wavlinkwn531g3Match-

VendorProductVersionCPE
wavlinkwn531g3_firmware*cpe:2.3:o:wavlink:wn531g3_firmware:*:*:*:*:*:*:*:*
wavlinkwn531g3-cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wavlink	wn531g3_firmware	*	cpe:2.3:o:wavlink:wn531g3_firmware::::::::
wavlink	wn531g3	-	cpe:2.3:h:wavlink:wn531g3:-:::::::*

CNA Affected

[
  {
    "product": "WN531G3",
    "vendor": "WAVLINK",
    "versions": [
      {
        "lessThanOrEqual": "M31G3.V5030.200325",
        "status": "affected",
        "version": "M31G3.V5030.200325",
        "versionType": "custom"
      }
    ]
  }
]

References

youtu.be/cSileV8YbsQ?t=1028

Social References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Related for CVE-2022-40623