Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts
CVE-2023-41350

7.5HIGH

Key Information:

Vendor: Chunghwa Telecom
Status: Nokia G-040w-q
Vendor: CVE Published:; 3 November 2023

🔔 Create Chunghwa Telecom Vulnerability Alert

What is CVE-2023-41350?

The NOKIA G-040W-Q device by Chunghwa Telecom contains a vulnerability that fails to implement adequate protections against multiple failed authentication attempts. This flaw enables remote attackers, without the need for authentication, to execute specially crafted JavaScript that exposes the captcha on the authentication page. By bypassing the captcha, attackers can launch brute force attacks with increased ease, significantly compromising the security of affected devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NOKIA G-040W-Q G040WQR201207

References

https://www.twcert.org.tw/tw/cp-132-7500-0c544-1.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Aug 29, 2023

JSON