Insufficient Authentication Measures in Chunghwa Telecom NOKIA G-040W-Q: Exposing Captcha and Brute Force Vulnerability

Insufficient Authentication Measures in Chunghwa Telecom NOKIA G-040W-Q: Exposing Captcha and Brute Force Vulnerability

CVE-2023-41350 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.

Learn more about our Web Application Penetration Testing UK.