Lucene search
HistoryJun 01, 2023 - 8:15 p.m.
CVE-2023-33754
captive portal
inpiazza cloud wifi
password recovery
brute force
user accounts
login credentials
cve-2023-33754
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.8%
The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.
Affected configurations
Node
inpiazzacloud_wifiRange<4.2.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| inpiazza | cloud_wifi | * | cpe:2.3:a:inpiazza:cloud_wifi:*:*:*:*:*:*:*:* |
Related
prion
prion
Default credentials
2023-06-01 20:15:00
cvelist
cvelist
CVE-2023-33754
2023-06-01 00:00:00
cve
cve
CVE-2023-33754
2023-06-01 20:15:09
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.8%
Related for NVD:CVE-2023-33754