CVE-2022-33106

CRITICAL

9.8

Description

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published10/12/2022

Last Modified5/16/2025

Sourcenvd

Honeypot Sightings0

Affected Products

wijungle:u250wijungle:u250_firmware

Weaknesses (CWE)

CWE-307CWE-307

References

http://wijungle.com(cve@mitre.org)

https://hexisanoob.gitbook.io/hexisanoob/cves/cve-2022-33106(cve@mitre.org)

http://wijungle.com(af854a3a-2127-422b-91ae-364da2661108)

https://hexisanoob.gitbook.io/hexisanoob/cves/cve-2022-33106(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.