PT-2026-22242 · Unknown · Websocket Application Programming Interface
Khaled Sarieddine
+1
·
Publicado
2026-02-26
·
Atualizado
2026-03-04
·
CVE-2026-25945
CVSS v4.0
8.7
Alta
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
WebSocket Application Programming Interface (affected versions not specified)
Description
The WebSocket Application Programming Interface does not limit the number of authentication requests. This lack of rate limiting could enable an attacker to perform denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or to conduct brute-force attacks to gain unauthorized access. The API endpoint is susceptible to abuse due to the absence of restrictions on authentication attempts.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Restriction of Excessive Authentication Attempts
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Websocket Application Programming Interface