Lucene search
MitreCVE-2023-33754HistoryJun 01, 2023 - 8:15 p.m.
CVE-2023-33754
2023-06-0120:15:09
CWE-307
mitre
web.nvd.nist.gov
15
cve-2023-33754
inpiazza cloud wifi
captive portal
password recovery
brute force
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
29.8%
The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.
Affected configurations
Node
inpiazzacloud_wifiRange<4.2.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| inpiazza | cloud_wifi | * | cpe:2.3:a:inpiazza:cloud_wifi:*:*:*:*:*:*:*:* |
Related
prion
prion
Default credentials
2023-06-01 20:15:00
cvelist
cvelist
CVE-2023-33754
2023-06-01 00:00:00
nvd
nvd
CVE-2023-33754
2023-06-01 20:15:09
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
29.8%
Related for CVE-2023-33754