This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.
oryginał ENCVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XReedos Aim Star
APPReedos2.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-45790CRITICAL9.3PL ✓ten sam produkt
Reedos aiM-Star: brak limitu prób logowania umożliwia atak brute force
CVE-2024-45786HIGH8.7ten sam produkt
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API ...
CVE-2024-45787HIGH8.7ten sam produkt
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in pla...
CVE-2024-45789MEDIUM6.9ten sam produkt
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter ...