HIGH🇵🇱 Wersja polska

CVE-2023-41350

CVSS 7.5v3.1pub. 2023-11-03upd. 2024-11-21

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Nokia G 040w Q

    HW
    Nokia
    wszystkie wersje
  • Nokia G 040w Q Firmware

    OS
    Nokia
    g040wqr201207
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-41351CRITICAL9.8ten sam produkt

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated ...

CVE-2023-41355CRITICAL9.8ten sam produkt

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect me...

CVE-2023-41352HIGH7.2ten sam produkt

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacke...

CVE-2023-41353HIGH8.8ten sam produkt

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regu...

CVE-2023-41354MEDIUM4.0ten sam produkt

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauth...