CVE-2023-41350 HIGH

CVE-2023-41350: Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts

Vendor Chunghwa Telecom
Product NOKIA G-040W-Q
Weakness CWE-307 · Brute force
Published November 3, 2023
Last update September 6, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.

Key dates

02Disclosure timeline

November 3, 2023 CVE published
September 6, 2024 Record updated