CVE-2023-41350
Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.
Chunghwa Telecom NOKIA G-040W-Q tiene una vulnerabilidad de medidas insuficientes para evitar múltiples intentos fallidos de autenticación. Un atacante remoto no autenticado puede ejecutar un Javascript manipulado para exponer el captcha en la página, lo que hace que sea muy fácil para los bots omitir la verificación del captcha y hacerlos más susceptibles a ataques de fuerza bruta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-29 CVE Reserved
- 2023-11-03 CVE Published
- 2024-09-06 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
- CAPEC-49: Password Brute Forcing
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.twcert.org.tw/tw/cp-132-7500-0c544-1.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nokia Search vendor "Nokia" | G-040w-q Firmware Search vendor "Nokia" for product "G-040w-q Firmware" | g040wqr201207 Search vendor "Nokia" for product "G-040w-q Firmware" and version "g040wqr201207" | - |
Affected
| in | Nokia Search vendor "Nokia" | G-040w-q Search vendor "Nokia" for product "G-040w-q" | - | - |
Safe
|