CVE-2022-40622

Name of the Vulnerable Software and Affected Versions WAVLINK Quantum D4G (WN531G3) version M31G3.V5030.200325

Description The issue is related to the authentication procedure in the WAVLINK Quantum D4G (WN531G3) Wi-Fi router. The device uses IP addresses to hold sessions and does not utilize session tokens. This allows an attacker to take over a session if they change their IP address to match the logged-in administrator's or are behind the same NAT as the logged-in administrator.

Recommendations For version M31G3.V5030.200325, consider restricting access to the router's administration interface to minimize the risk of session takeover until a patch is available. As a temporary workaround, limit the number of users who can access the administration interface and ensure that all users are behind a secure and unique NAT. At the moment, there is no information about a newer version that contains a fix for this vulnerability.