漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WAVLINK Quantum D4G (WN531G3) Pass-The-Hash
Vulnerability Description
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.
CVSS Information
N/A
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
WAVLINK WN531G3 安全漏洞
Vulnerability Description
WAVLINK WN531G3是中国睿因科技(WAVLINK)公司的一个无线路由器。 WAVLINK WN531G3 固件版本 M31G3.V5030.200325及之前版本存在安全漏洞,该漏洞源于通过 HTTP 而不是 HTTPS 进行通信,并且由于散列机制不依赖于服务器提供的密钥,攻击者利用该漏洞可以捕获登录用户的散列密码并将其用于经典的 Pass-the-Hash 式攻击。
CVSS Information
N/A
Vulnerability Type
N/A