CVE-2022-40622 - OpenCVE

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wavlink	Wn531g3 Wn531g3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wavlink:wn531g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://youtu.be/cSileV8YbsQ?t=655

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2022-09-13T20:35:12.848865Z

Updated: 2024-09-16T16:54:00.789Z

Reserved: 2022-09-12T00:00:00

Link: CVE-2022-40622

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-13T21:15:10.197

Modified: 2022-09-19T13:55:40.630

Link: CVE-2022-40622

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WN531G3", "vendor": "WAVLINK", "versions": [{"lessThanOrEqual": "M31G3.V5030.200325", "status": "affected", "version": "M31G3.V5030.200325", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Corey Hartman"}], "datePublic": "2022-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-304", "description": "CWE-304 Missing Critical Step in Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T20:35:12", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://youtu.be/cSileV8YbsQ?t=655"}], "source": {"discovery": "EXTERNAL"}, "title": "WAVLINK Quantum D4G (WN531G3) Session Management by IP Address", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-08-02T14:00:00.000Z", "ID": "CVE-2022-40622", "STATE": "PUBLIC", "TITLE": "WAVLINK Quantum D4G (WN531G3) Session Management by IP Address"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WN531G3", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "M31G3.V5030.200325", "version_value": "M31G3.V5030.200325"}]}}]}, "vendor_name": "WAVLINK"}]}}, "credit": [{"lang": "eng", "value": "Corey Hartman"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-304 Missing Critical Step in Authentication"}]}]}, "references": {"reference_data": [{"name": "https://youtu.be/cSileV8YbsQ?t=655", "refsource": "MISC", "url": "https://youtu.be/cSileV8YbsQ?t=655"}]}, "source": {"advisory": "", "defect": [], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:21:46.371Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://youtu.be/cSileV8YbsQ?t=655"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2022-40622", "datePublished": "2022-09-13T20:35:12.848865Z", "dateReserved": "2022-09-12T00:00:00", "dateUpdated": "2024-09-16T16:54:00.789Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wavlink:wn531g3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8E4F42B-0D2E-4D51-A8C7-37C5D95ECB2C", "versionEndIncluding": "m31g3.v5030.200325", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wavlink:wn531g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AE2AAA4-71D2-4B70-81FB-836F1A419DBC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible."}, {"lang": "es", "value": "El WAVLINK Quantum D4G (WN531G3) ejecutando la versi\u00f3n de firmware M31G3.V5030.200325, usa direcciones IP para mantener las sesiones y no usa tokens de sesi\u00f3n. Por lo tanto, si un atacante cambia su direcci\u00f3n IP para que coincida con la del administrador que ha iniciado la sesi\u00f3n, o est\u00e1 detr\u00e1s del mismo NAT que el administrador que ha iniciado la sesi\u00f3n, es posible una toma de control de sesi\u00f3n"}], "id": "CVE-2022-40622", "lastModified": "2022-09-19T13:55:40.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T21:15:10.197", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/cSileV8YbsQ?t=655"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-304"}], "source": "cve@rapid7.com", "type": "Secondary"}]}