CVE-2022-40623

Description

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.

Related CPE's

owavlinkwn531g3_firmware********

hwavlinkwn531g3-*******

References

https://youtu.be/cSileV8YbsQ?t=1028

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io