CVE-2022-31265

Published: May 26, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source.

Affected (1)

Products: Wargaming: World Of Warships

Wargaming

1 product

World Of Warships

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wargaming World Of Warships	Version 0.11.4

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://imgur.com/a/cm5E0jb

Source: cve@mitre.org

ExploitThird Party Advisory

https://imgur.com/a/cm5E0jb

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.