Описание
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
Ссылки
- Product
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ev2go:ev2go.io:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00521
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-307
Связанные уязвимости
CVSS3: 7.5
github
4 месяца назад
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
EPSS
Процентиль: 40%
0.00521
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-307