CVE-2023-33754

MEDIUM

Inpiazza Cloud WiFi <4.2.17 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33754. PoCs published by Alkatraz97.

AI-analyzed exploit summary: The repository contains a detailed technical writeup for CVE-2023-33754, describing a user enumeration vulnerability in WiFi Captive Portal Inpiazza Cloud. It explains how the password recovery function leaks user existence via different response messages, enabling brute-force attacks.

Description

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.

Exploits (1)

github WRITEUP
by Alkatraz97 · poc
https://github.com/Alkatraz97/CVEs/tree/main/CVE-2023-33754.md


Classification: Writeup 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WiFi Captive Portal Inpiazza Cloud < 4.2.17
No auth needed
Prerequisites: Access to the captive portal · Ability to intercept HTTP requests/responses
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 6.5
EPSS 0.0066
EPSS Percentile 46.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-307
Status published
Products (1)
inpiazza/cloud_wifi < 4.2.17
Published Jun 01, 2023
Tracked Since Feb 18, 2026