CVE-2023-22389

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–Backup Settings, which could be read by any user accessing the file...

CVE-2023-24020

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login...

CVE-2023-22315

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network LAN protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...

Design/Logic Flaw

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login...

Code injection

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network LAN protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...

CVE-2023-23582

Summary of CVE-2023-23582 (Snap One Wattbox WB-300-IP-3) : A heap-based buffer overflow affects Snap One Wattbox WB-300-IP-3, versions WB10.9a17 and prior. The vulnerability could allow an attacker to execute arbitrary code or crash the device remotely. Mitigation provided in the connected adviso...

CVE-2023-23582

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely...

CVE-2023-22389

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–Backup Settings, which could be read by any user accessing the file...

CVE-2023-24020

CVE-2023-24020 affects Snap One Wattbox WB-300-IP-3; root cause: improper restriction of excessive authentication attempts (CWE-307). Affected: Wattbox WB-300-IP-3, versions WB10.9a17 and prior. Impact: could bypass brute-force protection and allow multiple login attempts, enabling credential gue...

CVE-2023-24020

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login...

PT-2023-19364 · Snap One · Snap One Wattbox Wb-300-Ip-3

Name of the Vulnerable Software and Affected Versions: Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior Description: The issue allows bypassing the brute force protection, enabling multiple attempts to force a login. Recommendations: For Snap One Wattbox WB-300-IP-3 versions WB10.9a17 an...

Snap One Wattbox WB-300-IP-3

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: Wattbox WB-300-IP -3 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Heap-based Buffer Overflow, Plaintext Storage of a Password, Insufficient Verificatio...