#VU71602 Improper Restriction of Excessive Authentication Attempts in Wattbox WB-300-IP-3


Published: 2023-01-27

Vulnerability identifier: #VU71602

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24020

CWE-ID: CWE-307

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Wattbox WB-300-IP-3
Hardware solutions / Firmware

Vendor: Snap One

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can multiple attempts to force a login.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Wattbox WB-300-IP-3: WB10.9a17

External links
http://ics-cert.us-cert.gov/advisories/icsa-23-026-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Snap One Wattbox WB-300-IP-3