CVE-2023-24080

CRITICAL

Chamberlain myQ <5.222.0.32277 - Info Disclosure

Title source: llm

Description

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.

References (3)

Core 3

Core References

Various Sources

https://archive.ph/NH0Bk

Various Sources

http://web.archive.org/web/20230122144550/https://brackish.io/chamberlain-myq-account-takeover/

Product

http://chamberlain.com

Scores

CVSS v3 9.8

EPSS 0.0114

EPSS Percentile 62.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-307

Status published

Products (1)

chamberlain/myq 5.222.0.32277

Published Feb 21, 2023

Tracked Since Feb 18, 2026