CVE-2023-41353

HIGH

Chunghwa Telecom NOKIA G-040W-Q - Info Disclosure

Title source: llm

Description

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.

References (1)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-7503-a27ed-1.html

Scores

CVSS v3 8.8

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-521

Status published

Products (1)

nokia/g-040w-q_firmware g040wqr201207

Published Nov 03, 2023

Tracked Since Feb 18, 2026