CVE-2022-44356 Scanner
CVE-2022-44356 scanner - Information Disclosure vulnerability in WAVLINK Quantum D4G (WL-WN531G3)
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 2 days
Scan only one
URL
Toolbox
-
WAVLINK Quantum D4G (WL-WN531G3) is a wireless router used in home and small office networks to provide stable internet connectivity. It supports dual-band WiFi and advanced configuration features, making it ideal for high-speed data streaming and gaming. This device is commonly used by tech-savvy users looking for secure and efficient network management. It includes features like remote access and user authentication for better control. However, vulnerabilities in its firmware can lead to potential security risks.
This vulnerability arises from an access control issue in the WAVLINK Quantum D4G firmware, allowing unauthorized access to sensitive data. An attacker can exploit this flaw to download configuration data and log files without authentication. The information disclosed may include critical credentials and configuration details. If exploited, this could compromise the security of the entire network.
The vulnerability exists due to insufficient validation on endpoints handling log and configuration exports. Specifically, the ExportLogs.sh
endpoint allows unauthenticated users to access and download sensitive configuration data, such as login credentials and WiFi settings. Headers indicate the data is delivered in an application/octet-stream
format with filenames containing critical details. The firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 are affected by this issue. Attackers can exploit this by directly sending a GET request to the vulnerable endpoint.
Exploiting this vulnerability can result in the exposure of sensitive configuration data, such as admin login credentials, passwords, and network configurations. Malicious actors could use this information to gain unauthorized control of the router. This could lead to further attacks, such as injecting malicious firmware, intercepting user traffic, or disabling the router entirely, disrupting network functionality.
By using S4E, you can protect your network from vulnerabilities like this with our comprehensive cyber threat exposure management tools. Our platform provides easy-to-read reports, detailed insights into your digital assets, and proactive notifications for any detected vulnerabilities. Join our community to safeguard your systems and ensure a secure network environment. With our robust scanning capabilities, you can minimize risks and maintain optimal security standards.
References: