Back to search
CVE-2022-40621
Published: Sep 13, 2022
Modified: Sep 17, 2024
PUBLISHED
Description
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.
| Vendor | Product | Versions |
|---|---|---|
WAVLINK | WN531G3 | affected M31G3.V5030.200325 - <= M31G3.V5030.200325 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now