PT-2023-27605 · Opto 22 · Snap Pac S1 Firmware

Nicolas Cano

Publicado

2023-08-24

Atualizado

2023-08-29

CVE-2023-40707

CVSS v3.1

8.6

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SNAP PAC S1 Firmware version R10.3b

Description The built-in web server of the SNAP PAC S1 Firmware does not require complex passwords, which could allow for a successful brute force attack if users do not set up complex credentials.

Recommendations For SNAP PAC S1 Firmware version R10.3b, consider setting up complex credentials to prevent brute force attacks. As a temporary workaround, restrict access to the built-in web server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-521

Identificadores relacionados

CVE-2023-40707

Produtos afetados

Snap Pac S1 Firmware

PT-2023-27605 · Opto 22 · Snap Pac S1 Firmware

CVE-2023-40707

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5