CVE-2022-40622

CVE-2022-40622

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator’s, or is behind the same NAT as the logged in administrator, session takeover is possible.

Source: CVE-2022-40622

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다