CVE-2022-40621

Published: Sep 13, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

Affected (1)

Products: Wavlink: Wn531g3 Firmware

1 product

Wn531g3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wn531g3 Firmware	Up to m31g3.v5030.200325

Running on/with	Platform Versions
Wavlink Wn531g3	All versions

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html

Source: cve@rapid7.com

ExploitThird Party Advisory

https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.