Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40622

Sept. 13, 2022, 9:15 p.m. |

National Vulnerability Database nist.gov

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

cve

Chief Information Security Officer

@ Los Angeles Unified School District | Los Angeles

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

Director of Threat Intelligence

@ McDonald's Corporation | Chicago, IL, United States

Senior Principal Security Engineer - EMEA, Remote

@ GoDaddy | EMEA

Network Security Engineer (Starlink)

@ SpaceX | Redmond, WA, United States

Staff, Cloud Security Engineer

@ Twilio | Remote - US

Senior DevSecOps Engineer

@ Ginger | Remote - United States

Sr Professional Consultant I (Top Secret Clearance)

@ Palo Alto Networks | Las Vegas, NV, United States