PatchSiren

gravitl CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH gravitl CVE published 2022-09-09

CVE-2022-36110

CVE-2022-36110 is a HIGH severity (CVSS 8.8) improper authorization vulnerability in Netmaker, a WireGuard-based network management platform. Published 2022-09-09, the flaw let non-privileged users execute administrative API functions using their authentication tokens, because authorization checks were missing. The vulnerability affected all versions prior to 0.15.1. CWE-285 (Improper Authorization) and [truncated]

CRITICAL gravitl CVE published 2022-02-18

CVE-2022-0664

A critical vulnerability in Netmaker, a WireGuard-based virtual networking platform, involves the use of a hard-coded cryptographic key in versions prior to 0.8.5 and in versions 0.9.0 through 0.9.3. The flaw (CWE-321) allows network-based attackers to bypass authentication and authorization controls, potentially gaining full administrative access to network infrastructure without credentials. The CVSS 3.1 score of 9.8 refle [truncated]