CVE-2023-33754

EUVD-2023-37906
The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
inpiazzacloud_wifi
𝑥
< 4.2.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md
https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md