Auth bypass in Wavlink Wn531g3
CVE-2022-40622
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's…
EPSS: 0.007 (48.5th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Wavlink Wn531g3 — versions M31G3.V5030.200325
- Wavlink Wn531g3_firmware
Weakness classification (CWE)
References
- cve@rapid7.com (Exploit, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-40622?
  - CVE-2022-40622 is a high-severity vulnerability in Wavlink Wn531g3, classified under Missing Critical Step in Authentication. CVSS score: 8.8/10. Published 2022-09-13.
- How severe is CVE-2022-40622?
  - High severity. CVSS v3 base score is 8.8 out of 10.