CVE-2022-40895

Published: Oct 6, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://forum.nedi.ch/index.php

https://www.nedi.ch/

https://gist.github.com/UditChavda/2f2effa477a429b485ae7e2dc3bbd04f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-40895

Description

Affected Products

References