CVE-2023-49589 HIGH

Vendor: Wwbn
Product: AVideo
Weakness: CWE-640 · Weak password recovery
Published: January 10, 2024
Last update: November 4, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.

Key dates

02 Disclosure timeline

January 10, 2024: CVE published
November 4, 2025: Record updated