Vulnerabilities > CVE-2022-26519 - Improper Restriction of Excessive Authentication Attempts vulnerability in Carrier Hills Comnav Firmware 300219

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

carrier

CWE-307

NVD

Published: 2022-04-20

Updated: 2022-04-29

Summary

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.

Vulnerable Configurations

Part	Description	Count
OS	Carrier Carrier Hills Comnav Firmware - Carrier Hills Comnav Firmware 3002-19	2
Hardware	Carrier Carrier Hills Comnav -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf