4 matches found
CVE-2023-35134
CVE-2023-35134 affects Weintek Weincloud v0.13.6, where an attacker could reset an account’s password using only the JWT token. The ICS advisory notes an authenticated/remote exposure with the account API; CISA recommends upgrading to the fixed account API version (v0.13.8) and applying standard ...
CVE-2023-34429
CVE-2023-34429 affects Weintek Weincloud v0.13.6, where processing of a forged JWT token can cause a denial-of-service. The connected ICS/nvd entries corroborate the DoS impact and indicate remediation: Weincloud account API updated to v0.13.8 (no action required by users beyond this update). No ...
CVE-2023-37362
CVE-2023-37362 affects Weintek Weincloud v0.13.6. The issue is an improper authentication via the registration function that could allow an attacker to log in with testing credentials on the official site. Reported scores indicate high impact (NVD CVSSv3.1: 8.8; ICS-CERT: 7.2). Mitigation: Weinte...
CVE-2023-32657
CVE-2023-32657 affects Weintek Weincloud v0.13.6 (Account API) and prior, described as Improper Restriction of Excessive Authentication Attempts. The provided documents state an attacker could efficiently develop brute-force attacks on credentials by exploiting authentication hints in error messa...