2 matches found
CVE-2023-35134
CVE-2023-35134 affects Weintek Weincloud v0.13.6, where an attacker could reset an account’s password using only the JWT token. The ICS advisory notes an authenticated/remote exposure with the account API; CISA recommends upgrading to the fixed account API version (v0.13.8) and applying standard ...
Weintek Weincloud
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: Weincloud Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper...