CVE-2023-40707

Summary

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.

Affected Software

VendorProductVersion RangeStatus
OPTO 22SNAP PAC S1R10.3baffected

Weaknesses

  • CWE-521: CWE-521 Weak Password Requirements

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References