User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than…
icscert·CWE-204·Published 2025-06-12
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequences.
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequences.
Los nombres de usuario utilizados para acceder a la interfaz de administración web se limitan al identificador del dispositivo, que es un identificador numérico de no más de 10 dígitos. Un atacante malicioso puede enumerar objetivos potenciales incrementando o decrementando los identificadores conocidos o enumerando secuencias aleatorias de dígitos.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 8.6 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
| 3.1 | Secondary | NVD | 8.6 | 3.9 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
| 4.0 | Primary | cve.org | 8.8 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 8.8 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |