
JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

2023-06-27 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS3: 8.1

  Attack Vector: ADJACENT
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: NONE

  Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 48.6%

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below.

Client-side enforcement of server-side security (CWE-602) - CVE-2023-32612

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H   Base Score: 6.8
CVSS v2   AV:A/AC:L/Au:S/C:C/I:C/A:C                     Base Score: 7.7

Exposure of resource to wrong sphere (CWE-668) - CVE-2023-32613

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N   Base Score: 4.3
CVSS v2   AV:A/AC:L/Au:N/C:P/I:N/A:N                     Base Score: 3.3

Improper authentication (CWE-287) - CVE-2023-32620

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N   Base Score: 6.5
CVSS v2   AV:A/AC:L/Au:N/C:P/I:N/A:N                     Base Score: 3.3

Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-32621

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N   Base Score: 4.5
CVSS v2   AV:A/AC:L/Au:S/C:N/I:C/A:N                     Base Score: 5.5

Improper neutralization of special elements (CWE-138) - CVE-2023-32622

Version   Vector                                         Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H   Base Score: 6.8
CVSS v2   AV:A/AC:L/Au:S/C:P/I:P/A:P                     Base Score: 5.2

Impact

  • A logged-in user may execute OS commands with root privileges - CVE-2023-32612, CVE-2023-32621, CVE-2023-32622
  • An attacker may use, without logging in, functions that should be available only after login - CVE-2023-32613
  • An attacker may obtain the password for the wireless network - CVE-2023-32620

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer addressed the vulnerabilities in the following version:

  • WL-WN531AX2 firmware version 2023526

Products Affected

  • WL-WN531AX2 firmware versions prior to 2023526
