CVE-2022-40621

WAVLINK Quantum D4G (WN531G3) Pass-The-Hash

EPSS 0.7%CWE-294

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 sep 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

Productos afectados

WAVLINK · WN531G3

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html