CVE-2023-33754

MEDIUM

Inpiazza Cloud WiFi <4.2.17 - Info Disclosure

Title source: llm

Description

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.

Exploits (1)

github WRITEUP

by Alkatraz97 · poc

https://github.com/Alkatraz97/CVEs/tree/main/CVE-2023-33754.md

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (1)

inpiazza/cloud_wifi < 4.2.17

Published Jun 01, 2023

Tracked Since Feb 18, 2026