CVE-2023-33754

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
inpiazzacloud_wifi
𝑥
< 4.2.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md
https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md