CVE-2022-40621

WAVLINK Quantum D4G (WN531G3) Pass-The-Hash

EPSS 0.7%CWE-294

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 set 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

Produtos afetados

WAVLINK · WN531G3

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.malbytes.net/2022/07/wavlink-quantum-d4g-zero-day-part-01.html