Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5309

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-29 Nov, 2019 | 20:21
Updated At-04 Aug, 2024 | 19:54
Rejected At-
Credits

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:29 Nov, 2019 | 20:21
Updated At:04 Aug, 2024 | 19:54
Rejected At:
▼CVE Numbering Authority (CNA)

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.

Affected Products
Vendor
n/a
Product
Honor play
Versions
Affected
  • Versions earlier than 9.1.0.333(C00E333R1P1T8)
Problem Types
TypeCWE IDDescription
textN/AInformation Disclosure
Type: text
CWE ID: N/A
Description: Information Disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en
x_refsource_CONFIRM
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:29 Nov, 2019 | 21:15
Updated At:24 Aug, 2020 | 17:37

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>honor_play_firmware>>Versions before 9.1.0.333\(c00e333r1p1t8\)(exclusive)
cpe:2.3:o:huawei:honor_play_firmware:*:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>honor_play>>-
cpe:2.3:h:huawei:honor_play:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-307Primarynvd@nist.gov
CWE ID: CWE-307
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-enpsirt@huawei.com
Vendor Advisory
Hyperlink: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

69Records found
CVE-2021-22310
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 18:38
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-nip6600secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6600_firmwarenip6300_firmwareusg9500secospace_usg6600secospace_usg6300_firmwareNIP6300;NIP6600;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-9082
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-3.5||LOW
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 09:36
Updated-14 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_20mate_20_firmwareHUAWEI Mate 20
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-9106
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.45%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:43
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p30_prop30_pro_firmwareHUAWEI P30 Pro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-9102
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 22:59
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 5800CloudEngine 7800CloudEngine 12800CloudEngine 6800
CVE-2020-9110
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 14:03
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9239
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 13:25
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p20_pro_firmwareneo-al00d_firmwaretoronto-al00atoronto-tl10_firmwarestanford-al00_firmwarebla-tl00b_firmwarebla-a09toronto-tl10duke-l09_firmwarebla-tl00btoronto-al00toronto-al00_firmwaretoronto-al00a_firmwareberkeley-l09_firmwarelon-l29dbla-a09_firmwarejimmy-al00a_firmwarelon-l29d_firmwarep20neo-al00djimmy-al00aduke-l09p20_firmwareberkeley-l09stanford-al00p20_proBLA-A09;BLA-TL00B;Berkeley-L09;Duke-L09;HUAWEI P20;HUAWEI P20 Pro;Jimmy-AL00A;LON-L29D;NEO-AL00D;Stanford-AL00;Toronto-AL00;Toronto-AL00A;Toronto-TL10
CWE ID-CWE-20
Improper Input Validation
CVE-2023-44111
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:59
Updated-18 Sep, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-44096
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.74%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 10:37
Updated-18 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-33735
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 19:44
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ws7200-10ws7200-10_firmwareWS7200-10
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2017-16900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.88%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 17:39
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.

Action-Not Available
Vendor-hunesionn/a
Product-i-onenetn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-36285
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.48%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-36284
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.48%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9520latitude_7320_firmwarelatitude_7280_firmwarelatitude_9410latitude_5310_2-in-1precision_3551latitude_7212_rugged_extreme_tablet_firmwarelatitude_7212_rugged_extreme_tabletlatitude_7420latitude_7480precision_3640_tower_firmwarelatitude_5500_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwarelatitude_5310_2-in-1_firmwarelatitude_5520latitude_5411_firmwarelatitude_5500optiplex_3080_firmwarelatitude_7370latitude_7370_firmwareoptiplex_7480_aiolatitude_7420_firmwarelatitude_5400_firmwarelatitude_7480_firmwarelatitude_5320_firmwarelatitude_5511optiplex_3080latitude_9510precision_3551_ffirmwareoptiplex_7480_aio_firmwarelatitude_5320latitude_9410_firmwarelatitude_9520_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_5411latitude_5520_firmwareprecision_3640_towerlatitude_7280latitude_7320latitude_5400CPG BIOS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-27747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.66% / 70.28%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 17:26
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.

Action-Not Available
Vendor-clickstudiosn/a
Product-passwordstaten/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-28386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.

Action-Not Available
Vendor-verbatimn/a
Product-keypad_secure_usb_3.2_gen_1keypad_secure_usb_3.2_gen_1_firmwaregd25lk01-3637-c_firmwaregd25lk01-3637-cn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-28384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.20%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.

Action-Not Available
Vendor-verbatimn/a
Product-keypad_secure_usb_3.2_gen_1keypad_secure_usb_3.2_gen_1_firmwarestore_\'n\'_go_secure_portable_hddstore_\'n\'_go_secure_portable_hdd_firmwaren/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-25820
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 4.92%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-26519
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.46%
||
7 Day CHG~0.00%
Published-20 Apr, 2022 | 15:30
Updated-16 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.

Action-Not Available
Vendor-carrierInterlogix
Product-hills_comnav_firmwarehills_comnavHills ComNav
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-15770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.43%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 13:23
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.

Action-Not Available
Vendor-n/aGradle, Inc.
Product-enterprisen/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-4891
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.91%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 13:55
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
  • Previous
  • 1
  • 2
  • Next
Details not found