CVE-2023-40706

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2023

Updated: Aug 29, 2023

CWE ID 307

Summary

CVE-2023-40706 refers to a vulnerability in the SNAP PAC S1 Firmware version R10.3b's built-in web server. This issue is significant because it allows for an unlimited number of login attempts. An attacker could exploit this vulnerability through a brute-force attack, increasing the chances of gaining unauthorized access to the system. The lack of a limit on login attempts poses a serious security risk and should be addressed promptly by updating to a newer firmware version that includes this security enhancement.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Opto 22

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sZAFXL
https://www.cve.org/CVERecord?id=CVE-2023-40706
https://nvd.nist.gov/vuln/detail/CVE-2023-40706

Back to Vulnerability Database

CVE-2023-40706

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations