CVE-2022-33106

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
wijungleu250_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://wijungle.com
https://hexisanoob.gitbook.io/hexisanoob/cves/cve-2022-33106
http://wijungle.com
https://hexisanoob.gitbook.io/hexisanoob/cves/cve-2022-33106