WAVLINK Quantum D4G (WN531G3) CSRF
CVE-2022-40623

8.8HIGH

Key Information:

Vendor: Wavlink
Status: Wn531g3
Vendor: CVE Published:; 13 September 2022

What is CVE-2022-40623?

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.

Affected Version(s)

WN531G3 M31G3.V5030.200325

References

https://youtu.be/cSileV8YbsQ?t=1028

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Sep 12, 2022

Credit

Corey Hartman

Wavlink

What is CVE-2022-40623?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit