Corey Hartman

**Name of the Vulnerable Software and Affected Versions** WAVLINK Quantum D4G (WN531G3) versions M31G3.V5030.200325 and earlier **Description** The issue arises because the WAVLINK Quantum D4G (WN531G3) communicates over HTTP instead of HTTPS, and its hashing mechanism does not rely on a server-supplied key. This allows an attacker with sufficient network access to capture the hashed password of a logged-on user and use it in a classic Pass-the-Hash style attack. **Recommendations** For WAVLINK Quantum D4G (WN531G3) versions M31G3.V5030.200325 and earlier, consider disabling HTTP communication and implementing HTTPS to encrypt data in transit. Additionally, restrict network access to minimize the risk of exploitation. As a temporary workaround, consider implementing an alternative authentication mechanism that relies on a server-supplied key until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAVLINK Quantum D4G (WN531G3) version M31G3.V5030.200325 **Description** The issue is related to the lack of anti-CSRF tokens, which can be exploited to achieve remote, unauthenticated command execution when combined with other issues. **Recommendations** For WAVLINK Quantum D4G (WN531G3) version M31G3.V5030.200325, consider implementing anti-CSRF tokens to prevent remote command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WAVLINK Quantum D4G (WN531G3) version M31G3.V5030.200325 **Description** The issue is related to the authentication procedure in the WAVLINK Quantum D4G (WN531G3) Wi-Fi router. The device uses IP addresses to hold sessions and does not utilize session tokens. This allows an attacker to take over a session if they change their IP address to match the logged-in administrator's or are behind the same NAT as the logged-in administrator. **Recommendations** For version M31G3.V5030.200325, consider restricting access to the router's administration interface to minimize the risk of session takeover until a patch is available. As a temporary workaround, limit the number of users who can access the administration interface and ensure that all users are behind a secure and unique NAT. At the moment, there is no information about a newer version that contains a fix for this vulnerability.