Auth bypass in Wavlink Wn531g3

CVE-2022-40622

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's…

EPSS: 0.007 (48.5th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2022-40622?
CVE-2022-40622 is a high-severity vulnerability in Wavlink Wn531g3, classified under Missing Critical Step in Authentication. CVSS score: 8.8/10. Published 2022-09-13.
How severe is CVE-2022-40622?
High severity. CVSS v3 base score is 8.8 out of 10.