Описание
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*
cpe:2.3:h:nokia:g-040w-q:-:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-307
CWE-307
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.
EPSS
Процентиль: 20%
0.00063
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-307
CWE-307