CVE-2023-49259

CVE-2023-49259: Bruteforcing authentication cookie for a given user

Vendor Hongdian
Product H8951-4G-ESP
Weakness CWE-341
Published January 12, 2024
Last update June 20, 2025

CVSS base score

What the vulnerability does

01Description

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 20, 2025 Record updated