CVE-2023-40707
Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server
In short
The SNAP PAC S1 web server doesn't require strong passwords, making it easy for attackers to guess login credentials through repeated attempts. This puts the device at risk if users choose weak passwords.
Technical detail
The built-in web server in SNAP PAC S1 firmware R10.3b does not enforce password complexity (CWE-521), which makes brute-force attacks against the authentication mechanism practical when weak credentials are set. An attacker with network access to the web interface can systematically try credentials and, if a weak password is in use, potentially gain unauthorized administrative control.
Summary generated and translated by AI from the official description.
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
OPTO 22 · SNAP PAC S1