Lucene search
K
WeintekWeincloud

4 matches found

CVE
CVE
added 2023/07/19 9:43 p.m.2513 views

CVE-2023-35134

CVE-2023-35134 affects Weintek Weincloud v0.13.6, where an attacker could reset an account’s password using only the JWT token. The ICS advisory notes an authenticated/remote exposure with the account API; CISA recommends upgrading to the fixed account API version (v0.13.8) and applying standard ...

7.4CVSS6.7AI score0.00376EPSS
CVE
CVE
added 2023/07/19 9:45 p.m.2496 views

CVE-2023-34429

CVE-2023-34429 affects Weintek Weincloud v0.13.6, where processing of a forged JWT token can cause a denial-of-service. The connected ICS/nvd entries corroborate the DoS impact and indicate remediation: Weincloud account API updated to v0.13.8 (no action required by users beyond this update). No ...

7.5CVSS7.6AI score0.00531EPSS
CVE
CVE
added 2023/07/19 9:50 p.m.66 views

CVE-2023-37362

CVE-2023-37362 affects Weintek Weincloud v0.13.6. The issue is an improper authentication via the registration function that could allow an attacker to log in with testing credentials on the official site. Reported scores indicate high impact (NVD CVSSv3.1: 8.8; ICS-CERT: 7.2). Mitigation: Weinte...

8.8CVSS7.8AI score0.00511EPSS
CVE
CVE
added 2023/07/19 9:47 p.m.51 views

CVE-2023-32657

CVE-2023-32657 affects Weintek Weincloud v0.13.6 (Account API) and prior, described as Improper Restriction of Excessive Authentication Attempts. The provided documents state an attacker could efficiently develop brute-force attacks on credentials by exploiting authentication hints in error messa...

7.5CVSS6.5AI score0.00434EPSS