Lucene search
HistorySep 13, 2022 - 9:15 p.m.
CVE-2022-40623
wavlink quantum d4g
wn531g3
firmware vulnerability
remote execution
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.021
Percentile
89.3%
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
Affected configurations
Node
wavlinkwn531g3_firmwareRange≤m31g3.v5030.200325
wavlinkwn531g3Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wavlink | wn531g3_firmware | * | cpe:2.3:o:wavlink:wn531g3_firmware:*:*:*:*:*:*:*:* |
| wavlink | wn531g3 | - | cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2022-40623 WAVLINK Quantum D4G (WN531G3) CSRF
2022-09-13 20:35:13
CVE-2022-35518
2022-08-09 19:56:01
prion
prion
Cross site request forgery (csrf)
2022-09-13 21:15:00
Command injection
2022-08-10 20:15:00
cve
cve
CVE-2022-40623
2022-09-13 21:15:10
CVE-2022-35518
2022-08-10 20:15:54
nvd
nvd
CVE-2022-35518
2022-08-10 20:15:54
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.021
Percentile
89.3%
Related for NVD:CVE-2022-40623