PT-2023-27604 · Opto 22 · Snap Pac S1 Firmware

Nicolas Cano

Publicado

2023-08-24

Atualizado

2023-08-29

CVE-2023-40706

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SNAP PAC S1 Firmware version R10.3b

Description The issue is related to the lack of a limit on the number of login attempts in the web server. This could allow for a brute-force attack on the built-in web server login.

Recommendations For SNAP PAC S1 Firmware version R10.3b, consider implementing a limit on the number of login attempts or temporarily restricting access to the built-in web server login to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Restriction of Excessive Authentication Attempts

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-307

Identificadores relacionados

CVE-2023-40706

Produtos afetados

Snap Pac S1 Firmware

PT-2023-27604 · Opto 22 · Snap Pac S1 Firmware

CVE-2023-40706

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5