CVE-2023-33754

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-307
View all →

Vulnerability Description

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.

Related Vulnerabilities

CVE-2018-19021

MEDIUM
CVSS:6.5(Medium)

A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to...

CWE-3072018

CVE-2019-18917

MEDIUM
CVSS:6.5(Medium)

A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.

CWE-3072019

CVE-2020-28206

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin lo...

CWE-3072020

CVE-2020-29136

MEDIUM
CVSS:6.5(Medium)

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

CWE-3072020

CVE-2021-20635

MEDIUM
CVSS:6.5(Medium)

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

CWE-3072021

CVE-2021-29987

MEDIUM
CVSS:6.5(Medium)

After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, ...

CWE-3072021