CVE-2026-7671

CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

CVSS 6.3 MEDIUMEPSS 0.6%CWE-307 CWE-799

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

CodeWise · Tornet Scooter Mobile App

PoCs públicas encontradas — 1

cve_referencedrive.proton.me/urls/M0WFM4137W#MY0jA6pjHYPOno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://drive.proton.me/urls/M0WFM4137W#MY0jA6pjHYPO https://vuldb.com/submit/799987 https://vuldb.com/vuln/360819 https://vuldb.com/vuln/360819/cti