Vulnerabilities > CVE-2023-27746 - Improper Restriction of Excessive Authentication Attempts vulnerability in Blackvue Dr750-2Ch IR LTE Firmware and Dr750-2Ch LTE Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

blackvue

CWE-307

critical

NVD

Published: 2023-04-13

Updated: 2023-04-21

Summary

BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.

Vulnerable Configurations

Part	Description	Count
OS	Blackvue Blackvue Dr750 2CH LTE Firmware 1.012_2022.10.26 Blackvue Dr750 2CH IR LTE Firmware 1.012_2022.10.26	2
Hardware	Blackvue Blackvue Dr750 2CH LTE - Blackvue Dr750 2CH IR LTE -	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://shop.blackvue.com/product/dr750-2ch-ir-lte/
https://github.com/eyJhb/blackvue-cve-2022
https://github.com/eyJhb/blackvue-cve-2023
https://blackvue.com