Vulnerabilities > CVE-2022-26519 - Improper Restriction of Excessive Authentication Attempts vulnerability in Carrier Hills Comnav Firmware 300219

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
carrier
CWE-307

Summary

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.

Vulnerable Configurations

Part Description Count
OS
Carrier
2
Hardware
Carrier
1