7 matches found
Authentication flaw
Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...
Design/Logic Flaw
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...
CVE-2023-37362
CVE-2023-37362 affects Weintek Weincloud v0.13.6. The issue is an improper authentication via the registration function that could allow an attacker to log in with testing credentials on the official site. Reported scores indicate high impact (NVD CVSSv3.1: 8.8; ICS-CERT: 7.2). Mitigation: Weinte...
CVE-2023-34429 Weintek Weincloud Improper Handling of Structural Elements
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...
CVE-2023-34429
CVE-2023-34429 affects Weintek Weincloud v0.13.6, where processing of a forged JWT token can cause a denial-of-service. The connected ICS/NVD entries corroborate the DoS impact and indicate remediation: Weincloud account API updated to v0.13.8 (no action required by users beyond this update). No ...
CVE-2023-34429 Weintek Weincloud Improper Handling of Structural Elements
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...
CVE-2023-35134
CVE-2023-35134 affects Weintek Weincloud v0.13.6, where an attacker could reset an account’s password using only the JWT token. The ICS advisory notes an authenticated/remote exposure with the account API; CISA recommends upgrading to the fixed account API version (v0.13.8) and applying standard ...